The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2023-05-01
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
accountName
|
path |
True
|
string
|
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
Regex pattern: ^[a-z0-9]+$
|
|
resourceGroupName
|
path |
True
|
string
|
The name of the resource group within the user's subscription. The name is case insensitive.
Regex pattern: ^[-\w\._\(\)]+$
|
|
subscriptionId
|
path |
True
|
string
|
The ID of the target subscription.
|
|
api-version
|
query |
True
|
string
|
The API version to use for this operation.
|
Request Body
| Name |
Type |
Description |
|
identity
|
Identity
|
The identity of the resource.
|
|
kind
|
Kind
|
Optional. Indicates the type of storage account. Currently only StorageV2 value supported by server.
|
|
properties.accessTier
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Provides the identity based authentication settings for Azure Files.
|
|
properties.customDomain
|
CustomDomain
|
Custom domain assigned to the storage account by the user. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
properties.enableExtendedGroups
|
boolean
|
Enables extended group support with local users feature, if set to true
|
|
properties.encryption
|
Encryption
|
Not applicable. Azure Storage encryption at rest is enabled by default for all storage accounts and cannot be disabled.
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the containers in the account by default.
|
|
properties.isLocalUserEnabled
|
boolean
|
Enables local users feature, if set to true
|
|
properties.isSftpEnabled
|
boolean
|
Enables Secure File Transfer Protocol, if set to true
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Network rule set
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
|
|
properties.routingPreference
|
RoutingPreference
|
Maintains information about the network routing choice opted by the user for data transfer
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Allows https traffic only to storage service if sets to true.
|
|
sku
|
Sku
|
Gets or sets the SKU name. Note that the SKU name cannot be updated to Standard_ZRS, Premium_LRS or Premium_ZRS, nor can accounts of those SKU names be updated to any other value.
|
|
tags
|
object
|
Gets or sets a list of key value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater in length than 128 characters and a value no greater in length than 256 characters.
|
Responses
| Name |
Type |
Description |
|
200 OK
|
StorageAccount
|
OK -- storage account properties updated successfully.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
StorageAccountEnableAD
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
}
}
}
import com.azure.resourcemanager.storage.models.ActiveDirectoryProperties;
import com.azure.resourcemanager.storage.models.ActiveDirectoryPropertiesAccountType;
import com.azure.resourcemanager.storage.models.AzureFilesIdentityBasedAuthentication;
import com.azure.resourcemanager.storage.models.DirectoryServiceOptions;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
*/
/**
* Sample code: StorageAccountEnableAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withAzureFilesIdentityBasedAuthentication(
new AzureFilesIdentityBasedAuthentication().withDirectoryServiceOptions(DirectoryServiceOptions.AD)
.withActiveDirectoryProperties(new ActiveDirectoryProperties().withDomainName("adtest.com")
.withNetBiosDomainName("adtest.com").withForestName("adtest.com")
.withDomainGuid("aebfc118-9fa9-4732-a21f-d98e41a77ae1")
.withDomainSid("S-1-5-21-2400535526-2334094090-2402026252")
.withAzureStorageSid("S-1-5-21-2400535526-2334094090-2402026252-0012")
.withSamAccountName("sam12498").withAccountType(ActiveDirectoryPropertiesAccountType.USER))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_ad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"azureFilesIdentityBasedAuthentication": {
"activeDirectoryProperties": {
"accountType": "User",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainName": "adtest.com",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"forestName": "adtest.com",
"netBiosDomainName": "adtest.com",
"samAccountName": "sam12498",
},
"directoryServiceOptions": "AD",
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
func ExampleAccountsClient_Update_storageAccountEnableAd() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
DomainName: to.Ptr("adtest.com"),
DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
ForestName: to.Ptr("adtest.com"),
NetBiosDomainName: to.Ptr("adtest.com"),
SamAccountName: to.Ptr("sam12498"),
},
DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
// ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
// AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
// AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
// DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
// DomainName: to.Ptr("adtest.com"),
// DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
// ForestName: to.Ptr("adtest.com"),
// NetBiosDomainName: to.Ptr("adtest.com"),
// SamAccountName: to.Ptr("sam12498"),
// },
// DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
// },
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
*/
async function storageAccountEnableAd() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
azureFilesIdentityBasedAuthentication: {
activeDirectoryProperties: {
accountType: "User",
azureStorageSid: "S-1-5-21-2400535526-2334094090-2402026252-0012",
domainGuid: "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
domainName: "adtest.com",
domainSid: "S-1-5-21-2400535526-2334094090-2402026252",
forestName: "adtest.com",
netBiosDomainName: "adtest.com",
samAccountName: "sam12498",
},
directoryServiceOptions: "AD",
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
AzureFilesIdentityBasedAuthentication = new FilesIdentityBasedAuthentication(DirectoryServiceOption.AD)
{
ActiveDirectoryProperties = new StorageActiveDirectoryProperties("adtest.com", Guid.Parse("aebfc118-9fa9-4732-a21f-d98e41a77ae1"))
{
NetBiosDomainName = "adtest.com",
ForestName = "adtest.com",
DomainSid = "S-1-5-21-2400535526-2334094090-2402026252",
AzureStorageSid = "S-1-5-21-2400535526-2334094090-2402026252-0012",
SamAccountName = "sam12498",
AccountType = ActiveDirectoryAccountType.User,
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountEnableCMK
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
*/
/**
* Sample code: StorageAccountEnableCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableCMK(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
func ExampleAccountsClient_Update_storageAccountEnableCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeSystemAssigned),
// PrincipalID: to.Ptr("911871cc-ffd1-4fc4-ac11-7a316433ea66"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
*/
async function storageAccountEnableCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
encryption: {
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"identity": {
"principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"type": "SystemAssigned"
},
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdate
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"enableExtendedGroups": true,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
*/
/**
* Sample code: StorageAccountUpdate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20)).withIsSftpEnabled(true)
.withIsLocalUserEnabled(true).withEnableExtendedGroups(true)
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"enableExtendedGroups": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isLocalUserEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
func ExampleAccountsClient_Update_storageAccountUpdate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
EnableExtendedGroups: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsLocalUserEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// EnableExtendedGroups: to.Ptr(true),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsLocalUserEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
*/
async function storageAccountUpdate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
enableExtendedGroups: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isLocalUserEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
IsSftpEnabled = true,
IsLocalUserEnabled = true,
IsExtendedGroupEnabled = true,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"enableExtendedGroups": true,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateAllowedCopyScopeToAAD
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
/**
* Sample code: StorageAccountUpdateAllowedCopyScopeToAAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateAllowedCopyScopeToAAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withAllowedCopyScope(AllowedCopyScope.AAD),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_allowed_copy_scope_to_aad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
func ExampleAccountsClient_Update_storageAccountUpdateAllowedCopyScopeToAad() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
async function storageAccountUpdateAllowedCopyScopeToAad() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "AAD",
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
AllowedCopyScope = AllowedCopyScope.Aad,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateDisablePublicNetworkAccess
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled"
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateDisablePublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountUpdateDisablePublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateDisablePublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withPublicNetworkAccess(PublicNetworkAccess.DISABLED),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_disable_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
func ExampleAccountsClient_Update_storageAccountUpdateDisablePublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
*/
async function storageAccountUpdateDisablePublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
publicNetworkAccess: "Disabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
PublicNetworkAccess = StoragePublicNetworkAccess.Disabled,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedEncryptionIdentityWithCMK(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9101", "sto4445",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_encryption_identity_with_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9101", "sto4445", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
async function storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
string accountName = "sto4445";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Sku = new StorageSku(StorageSkuName.StandardLrs),
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Kind = StorageKind.Storage,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res131918/providers/Microsoft.Storage/storageAccounts/sto131918?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res131918",
"sto131918",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")
.withEncryptionFederatedIdentityClientId("3109d1c4-a5de-4d84-8832-feabb916a4b6"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_identity_with_federated_identity_client_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res131918",
account_name="sto131918",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res131918", "sto131918", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
async function storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res131918";
const accountName = "sto131918";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionFederatedIdentityClientId: "3109d1c4-a5de-4d84-8832-feabb916a4b6",
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res131918";
string accountName = "sto131918";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Sku = new StorageSku(StorageSkuName.StandardLrs),
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Kind = StorageKind.Storage,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
EncryptionFederatedIdentityClientId = "3109d1c4-a5de-4d84-8832-feabb916a4b6",
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateWithImmutabilityPolicy
Sample request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
}
}
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyProperties;
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyState;
import com.azure.resourcemanager.storage.models.ImmutableStorageAccount;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateWithImmutabilityPolicy.json
*/
/**
* Sample code: StorageAccountUpdateWithImmutabilityPolicy.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateWithImmutabilityPolicy(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withImmutableStorageWithVersioning(new ImmutableStorageAccount().withEnabled(true)
.withImmutabilityPolicy(new AccountImmutabilityPolicyProperties()
.withImmutabilityPeriodSinceCreationInDays(15)
.withState(AccountImmutabilityPolicyState.LOCKED).withAllowProtectedAppendWrites(true))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_with_immutability_policy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"immutableStorageWithVersioning": {
"enabled": True,
"immutabilityPolicy": {
"allowProtectedAppendWrites": True,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Locked",
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
func ExampleAccountsClient_Update_storageAccountUpdateWithImmutabilityPolicy() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
Enabled: to.Ptr(true),
ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
AllowProtectedAppendWrites: to.Ptr(true),
ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
// Enabled: to.Ptr(true),
// ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
// AllowProtectedAppendWrites: to.Ptr(true),
// ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
// State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
// },
// },
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
*/
async function storageAccountUpdateWithImmutabilityPolicy() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
immutableStorageWithVersioning: {
enabled: true,
immutabilityPolicy: {
allowProtectedAppendWrites: true,
immutabilityPeriodSinceCreationInDays: 15,
state: "Locked",
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
ImmutableStorageWithVersioning = new ImmutableStorageAccount()
{
IsEnabled = true,
ImmutabilityPolicy = new AccountImmutabilityPolicy()
{
ImmutabilityPeriodSinceCreationInDays = 15,
State = AccountImmutabilityPolicyState.Locked,
AllowProtectedAppendWrites = true,
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
Definitions
| Name |
Description |
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
AccountImmutabilityPolicyProperties
|
This defines account-level immutability policy properties.
|
|
AccountImmutabilityPolicyState
|
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
|
|
AccountStatus
|
Gets the status indicating whether the primary location of the storage account is available or unavailable.
|
|
AccountType
|
Specifies the Active Directory account type for Azure Storage.
|
|
Action
|
The action of virtual network rule.
|
|
ActiveDirectoryProperties
|
Settings properties for Active Directory (AD).
|
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
AzureFilesIdentityBasedAuthentication
|
Settings for Azure Files identity based authentication.
|
|
BlobRestoreParameters
|
Blob restore parameters
|
|
BlobRestoreProgressStatus
|
The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.
|
|
BlobRestoreRange
|
Blob range
|
|
BlobRestoreStatus
|
Blob restore status.
|
|
Bypass
|
Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
|
|
CustomDomain
|
The custom domain assigned to this storage account. This can be set via Update.
|
|
DefaultAction
|
Specifies the default action of allow or deny when no other rules match.
|
|
DefaultSharePermission
|
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
|
|
DirectoryServiceOptions
|
Indicates the directory service used. Note that this enum may be extended in the future.
|
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
Encryption
|
The encryption settings on the storage account.
|
|
EncryptionIdentity
|
Encryption identity for the storage account.
|
|
EncryptionService
|
A service that allows server-side encryption to be used.
|
|
EncryptionServices
|
A list of services that support encryption.
|
|
Endpoints
|
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.
|
|
ExpirationAction
|
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
|
|
ExtendedLocation
|
The complex type of the extended location.
|
|
ExtendedLocationTypes
|
The type of the extended location.
|
|
GeoReplicationStats
|
Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.
|
|
GeoReplicationStatus
|
The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.
|
|
Identity
|
Identity for the resource.
|
|
IdentityType
|
The identity type.
|
|
ImmutableStorageAccount
|
This property enables and defines account-level immutability. Enabling the feature auto-enables Blob Versioning.
|
|
IPRule
|
IP rule with specific IP or IP range in CIDR format.
|
|
KeyCreationTime
|
Storage account keys creation time.
|
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
KeySource
|
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault
|
|
KeyType
|
Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.
|
|
KeyVaultProperties
|
Properties of key vault.
|
|
Kind
|
Indicates the type of storage account.
|
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
NetworkRuleSet
|
Network rule set
|
|
postFailoverRedundancy
|
The redundancy type of the account after an account failover is performed.
|
|
postPlannedFailoverRedundancy
|
The redundancy type of the account after a planned account failover is performed.
|
|
PrivateEndpoint
|
The Private Endpoint resource.
|
|
PrivateEndpointConnection
|
The Private Endpoint Connection resource.
|
|
PrivateEndpointConnectionProvisioningState
|
The current provisioning state.
|
|
PrivateEndpointServiceConnectionStatus
|
The private endpoint connection status.
|
|
PrivateLinkServiceConnectionState
|
A collection of information about the state of the connection between service consumer and provider.
|
|
ProvisioningState
|
Gets the status of the storage account at the time the operation was called.
|
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
|
|
ResourceAccessRule
|
Resource Access Rule.
|
|
RoutingChoice
|
Routing Choice defines the kind of network routing opted by the user.
|
|
RoutingPreference
|
Routing preference defines the type of network, either microsoft or internet routing to be used to deliver the user data, the default option is microsoft routing
|
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
Sku
|
The SKU of the storage account.
|
|
SkuConversionStatus
|
This property indicates the current sku conversion status.
|
|
SkuName
|
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
|
|
SkuTier
|
The SKU tier. This is based on the SKU name.
|
|
State
|
Gets the state of virtual network rule.
|
|
StorageAccount
|
The storage account.
|
|
StorageAccountInternetEndpoints
|
The URIs that are used to perform a retrieval of a public blob, file, web or dfs object via a internet routing endpoint.
|
|
StorageAccountMicrosoftEndpoints
|
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object via a microsoft routing endpoint.
|
|
StorageAccountSkuConversionStatus
|
This defines the sku conversion status object for asynchronous sku conversions.
|
|
StorageAccountUpdateParameters
|
The parameters that can be provided when updating the storage account properties.
|
|
UserAssignedIdentity
|
UserAssignedIdentity for the resource.
|
|
VirtualNetworkRule
|
Virtual Network rule.
|
AccessTier
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
| Name |
Type |
Description |
|
Cold
|
string
|
|
|
Cool
|
string
|
|
|
Hot
|
string
|
|
|
Premium
|
string
|
|
AccountImmutabilityPolicyProperties
This defines account-level immutability policy properties.
| Name |
Type |
Description |
|
allowProtectedAppendWrites
|
boolean
|
This property can only be changed for disabled and unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted.
|
|
immutabilityPeriodSinceCreationInDays
|
integer
|
The immutability period for the blobs in the container since the policy creation, in days.
|
|
state
|
AccountImmutabilityPolicyState
|
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
|
AccountImmutabilityPolicyState
The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
| Name |
Type |
Description |
|
Disabled
|
string
|
|
|
Locked
|
string
|
|
|
Unlocked
|
string
|
|
AccountStatus
Gets the status indicating whether the primary location of the storage account is available or unavailable.
| Name |
Type |
Description |
|
available
|
string
|
|
|
unavailable
|
string
|
|
AccountType
Specifies the Active Directory account type for Azure Storage.
| Name |
Type |
Description |
|
Computer
|
string
|
|
|
User
|
string
|
|
Action
The action of virtual network rule.
| Name |
Type |
Description |
|
Allow
|
string
|
|
ActiveDirectoryProperties
Settings properties for Active Directory (AD).
| Name |
Type |
Description |
|
accountType
|
AccountType
|
Specifies the Active Directory account type for Azure Storage.
|
|
azureStorageSid
|
string
|
Specifies the security identifier (SID) for Azure Storage.
|
|
domainGuid
|
string
|
Specifies the domain GUID.
|
|
domainName
|
string
|
Specifies the primary domain that the AD DNS server is authoritative for.
|
|
domainSid
|
string
|
Specifies the security identifier (SID).
|
|
forestName
|
string
|
Specifies the Active Directory forest to get.
|
|
netBiosDomainName
|
string
|
Specifies the NetBIOS domain name.
|
|
samAccountName
|
string
|
Specifies the Active Directory SAMAccountName for Azure Storage.
|
AllowedCopyScope
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
| Name |
Type |
Description |
|
AAD
|
string
|
|
|
PrivateLink
|
string
|
|
AzureFilesIdentityBasedAuthentication
Settings for Azure Files identity based authentication.
| Name |
Type |
Description |
|
activeDirectoryProperties
|
ActiveDirectoryProperties
|
Required if directoryServiceOptions are AD, optional if they are AADKERB.
|
|
defaultSharePermission
|
DefaultSharePermission
|
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
|
|
directoryServiceOptions
|
DirectoryServiceOptions
|
Indicates the directory service used. Note that this enum may be extended in the future.
|
BlobRestoreParameters
Blob restore parameters
| Name |
Type |
Description |
|
blobRanges
|
BlobRestoreRange[]
|
Blob ranges to restore.
|
|
timeToRestore
|
string
|
Restore blob to the specified time.
|
BlobRestoreProgressStatus
The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.
| Name |
Type |
Description |
|
Complete
|
string
|
|
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
BlobRestoreRange
Blob range
| Name |
Type |
Description |
|
endRange
|
string
|
Blob end range. This is exclusive. Empty means account end.
|
|
startRange
|
string
|
Blob start range. This is inclusive. Empty means account start.
|
BlobRestoreStatus
Blob restore status.
| Name |
Type |
Description |
|
failureReason
|
string
|
Failure reason when blob restore is failed.
|
|
parameters
|
BlobRestoreParameters
|
Blob restore request parameters.
|
|
restoreId
|
string
|
Id for tracking blob restore request.
|
|
status
|
BlobRestoreProgressStatus
|
The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.
|
Bypass
Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
| Name |
Type |
Description |
|
AzureServices
|
string
|
|
|
Logging
|
string
|
|
|
Metrics
|
string
|
|
|
None
|
string
|
|
CustomDomain
The custom domain assigned to this storage account. This can be set via Update.
| Name |
Type |
Description |
|
name
|
string
|
Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.
|
|
useSubDomainName
|
boolean
|
Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates.
|
DefaultAction
Specifies the default action of allow or deny when no other rules match.
| Name |
Type |
Description |
|
Allow
|
string
|
|
|
Deny
|
string
|
|
DefaultSharePermission
Default share permission for users using Kerberos authentication if RBAC role is not assigned.
| Name |
Type |
Description |
|
None
|
string
|
|
|
StorageFileDataSmbShareContributor
|
string
|
|
|
StorageFileDataSmbShareElevatedContributor
|
string
|
|
|
StorageFileDataSmbShareReader
|
string
|
|
DirectoryServiceOptions
Indicates the directory service used. Note that this enum may be extended in the future.
| Name |
Type |
Description |
|
AADDS
|
string
|
|
|
AADKERB
|
string
|
|
|
AD
|
string
|
|
|
None
|
string
|
|
DnsEndpointType
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
| Name |
Type |
Description |
|
AzureDnsZone
|
string
|
|
|
Standard
|
string
|
|
Encryption
The encryption settings on the storage account.
| Name |
Type |
Default value |
Description |
|
identity
|
EncryptionIdentity
|
|
The identity to be used with service-side encryption at rest.
|
|
keySource
|
KeySource
|
Microsoft.Storage
|
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault
|
|
keyvaultproperties
|
KeyVaultProperties
|
|
Properties provided by key vault.
|
|
requireInfrastructureEncryption
|
boolean
|
|
A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.
|
|
services
|
EncryptionServices
|
|
List of services which support encryption.
|
EncryptionIdentity
Encryption identity for the storage account.
| Name |
Type |
Description |
|
federatedIdentityClientId
|
string
|
ClientId of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.
|
|
userAssignedIdentity
|
string
|
Resource identifier of the UserAssigned identity to be associated with server-side encryption on the storage account.
|
EncryptionService
A service that allows server-side encryption to be used.
| Name |
Type |
Description |
|
enabled
|
boolean
|
A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is enabled by default today and cannot be disabled.
|
|
keyType
|
KeyType
|
Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.
|
|
lastEnabledTime
|
string
|
Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is encrypted at rest by default today and cannot be disabled.
|
EncryptionServices
A list of services that support encryption.
Endpoints
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.
| Name |
Type |
Description |
|
blob
|
string
|
Gets the blob endpoint.
|
|
dfs
|
string
|
Gets the dfs endpoint.
|
|
file
|
string
|
Gets the file endpoint.
|
|
internetEndpoints
|
StorageAccountInternetEndpoints
|
Gets the internet routing storage endpoints
|
|
microsoftEndpoints
|
StorageAccountMicrosoftEndpoints
|
Gets the microsoft routing storage endpoints.
|
|
queue
|
string
|
Gets the queue endpoint.
|
|
table
|
string
|
Gets the table endpoint.
|
|
web
|
string
|
Gets the web endpoint.
|
ExpirationAction
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
| Name |
Type |
Description |
|
Block
|
string
|
|
|
Log
|
string
|
|
ExtendedLocation
The complex type of the extended location.
| Name |
Type |
Description |
|
name
|
string
|
The name of the extended location.
|
|
type
|
ExtendedLocationTypes
|
The type of the extended location.
|
ExtendedLocationTypes
The type of the extended location.
| Name |
Type |
Description |
|
EdgeZone
|
string
|
|
GeoReplicationStats
Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.
| Name |
Type |
Description |
|
canFailover
|
boolean
|
A boolean flag which indicates whether or not account failover is supported for the account.
|
|
canPlannedFailover
|
boolean
|
A boolean flag which indicates whether or not planned account failover is supported for the account.
|
|
lastSyncTime
|
string
|
All primary writes preceding this UTC date/time value are guaranteed to be available for read operations. Primary writes following this point in time may or may not be available for reads. Element may be default value if value of LastSyncTime is not available, this can happen if secondary is offline or we are in bootstrap.
|
|
postFailoverRedundancy
|
postFailoverRedundancy
|
The redundancy type of the account after an account failover is performed.
|
|
postPlannedFailoverRedundancy
|
postPlannedFailoverRedundancy
|
The redundancy type of the account after a planned account failover is performed.
|
|
status
|
GeoReplicationStatus
|
The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.
|
GeoReplicationStatus
The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.
| Name |
Type |
Description |
|
Bootstrap
|
string
|
|
|
Live
|
string
|
|
|
Unavailable
|
string
|
|
Identity
Identity for the resource.
| Name |
Type |
Description |
|
principalId
|
string
|
The principal ID of resource identity.
|
|
tenantId
|
string
|
The tenant ID of resource.
|
|
type
|
IdentityType
|
The identity type.
|
|
userAssignedIdentities
|
<string,
UserAssignedIdentity>
|
Gets or sets a list of key value pairs that describe the set of User Assigned identities that will be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is permitted here.
|
IdentityType
The identity type.
| Name |
Type |
Description |
|
None
|
string
|
|
|
SystemAssigned
|
string
|
|
|
SystemAssigned,UserAssigned
|
string
|
|
|
UserAssigned
|
string
|
|
ImmutableStorageAccount
This property enables and defines account-level immutability. Enabling the feature auto-enables Blob Versioning.
| Name |
Type |
Description |
|
enabled
|
boolean
|
A boolean flag which enables account-level immutability. All the containers under such an account have object-level immutability enabled by default.
|
|
immutabilityPolicy
|
AccountImmutabilityPolicyProperties
|
Specifies the default account-level immutability policy which is inherited and applied to objects that do not possess an explicit immutability policy at the object level. The object-level immutability policy has higher precedence than the container-level immutability policy, which has a higher precedence than the account-level immutability policy.
|
IPRule
IP rule with specific IP or IP range in CIDR format.
| Name |
Type |
Default value |
Description |
|
action
|
Action
|
Allow
|
The action of IP ACL rule.
|
|
value
|
string
|
|
Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.
|
KeyCreationTime
Storage account keys creation time.
| Name |
Type |
Description |
|
key1
|
string
|
|
|
key2
|
string
|
|
KeyPolicy
KeyPolicy assigned to the storage account.
| Name |
Type |
Description |
|
keyExpirationPeriodInDays
|
integer
|
The key expiration period in days.
|
KeySource
The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault
| Name |
Type |
Description |
|
Microsoft.Keyvault
|
string
|
|
|
Microsoft.Storage
|
string
|
|
KeyType
Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.
| Name |
Type |
Description |
|
Account
|
string
|
|
|
Service
|
string
|
|
KeyVaultProperties
Properties of key vault.
| Name |
Type |
Description |
|
currentVersionedKeyExpirationTimestamp
|
string
|
This is a read only property that represents the expiration time of the current version of the customer managed key used for encryption.
|
|
currentVersionedKeyIdentifier
|
string
|
The object identifier of the current versioned Key Vault Key in use.
|
|
keyname
|
string
|
The name of KeyVault key.
|
|
keyvaulturi
|
string
|
The Uri of KeyVault.
|
|
keyversion
|
string
|
The version of KeyVault key.
|
|
lastKeyRotationTimestamp
|
string
|
Timestamp of last rotation of the Key Vault Key.
|
Kind
Indicates the type of storage account.
| Name |
Type |
Description |
|
BlobStorage
|
string
|
|
|
BlockBlobStorage
|
string
|
|
|
FileStorage
|
string
|
|
|
Storage
|
string
|
|
|
StorageV2
|
string
|
|
LargeFileSharesState
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
| Name |
Type |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
MinimumTlsVersion
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
| Name |
Type |
Description |
|
TLS1_0
|
string
|
|
|
TLS1_1
|
string
|
|
|
TLS1_2
|
string
|
|
|
TLS1_3
|
string
|
|
NetworkRuleSet
Network rule set
| Name |
Type |
Default value |
Description |
|
bypass
|
Bypass
|
AzureServices
|
Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.
|
|
defaultAction
|
DefaultAction
|
Allow
|
Specifies the default action of allow or deny when no other rules match.
|
|
ipRules
|
IPRule[]
|
|
Sets the IP ACL rules
|
|
resourceAccessRules
|
ResourceAccessRule[]
|
|
Sets the resource access rules
|
|
virtualNetworkRules
|
VirtualNetworkRule[]
|
|
Sets the virtual network rules
|
postFailoverRedundancy
The redundancy type of the account after an account failover is performed.
| Name |
Type |
Description |
|
Standard_LRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
postPlannedFailoverRedundancy
The redundancy type of the account after a planned account failover is performed.
| Name |
Type |
Description |
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
PrivateEndpoint
The Private Endpoint resource.
| Name |
Type |
Description |
|
id
|
string
|
The ARM identifier for Private Endpoint
|
PrivateEndpointConnection
The Private Endpoint Connection resource.
| Name |
Type |
Description |
|
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
The name of the resource
|
|
properties.privateEndpoint
|
PrivateEndpoint
|
The resource of private end point.
|
|
properties.privateLinkServiceConnectionState
|
PrivateLinkServiceConnectionState
|
A collection of information about the state of the connection between service consumer and provider.
|
|
properties.provisioningState
|
PrivateEndpointConnectionProvisioningState
|
The provisioning state of the private endpoint connection resource.
|
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
PrivateEndpointConnectionProvisioningState
The current provisioning state.
| Name |
Type |
Description |
|
Creating
|
string
|
|
|
Deleting
|
string
|
|
|
Failed
|
string
|
|
|
Succeeded
|
string
|
|
PrivateEndpointServiceConnectionStatus
The private endpoint connection status.
| Name |
Type |
Description |
|
Approved
|
string
|
|
|
Pending
|
string
|
|
|
Rejected
|
string
|
|
PrivateLinkServiceConnectionState
A collection of information about the state of the connection between service consumer and provider.
| Name |
Type |
Description |
|
actionRequired
|
string
|
A message indicating if changes on the service provider require any updates on the consumer.
|
|
description
|
string
|
The reason for approval/rejection of the connection.
|
|
status
|
PrivateEndpointServiceConnectionStatus
|
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.
|
ProvisioningState
Gets the status of the storage account at the time the operation was called.
| Name |
Type |
Description |
|
Creating
|
string
|
|
|
ResolvingDNS
|
string
|
|
|
Succeeded
|
string
|
|
PublicNetworkAccess
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
| Name |
Type |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
|
SecuredByPerimeter
|
string
|
|
ResourceAccessRule
Resource Access Rule.
| Name |
Type |
Description |
|
resourceId
|
string
|
Resource Id
|
|
tenantId
|
string
|
Tenant Id
|
RoutingChoice
Routing Choice defines the kind of network routing opted by the user.
| Name |
Type |
Description |
|
InternetRouting
|
string
|
|
|
MicrosoftRouting
|
string
|
|
RoutingPreference
Routing preference defines the type of network, either microsoft or internet routing to be used to deliver the user data, the default option is microsoft routing
| Name |
Type |
Description |
|
publishInternetEndpoints
|
boolean
|
A boolean flag which indicates whether internet routing storage endpoints are to be published
|
|
publishMicrosoftEndpoints
|
boolean
|
A boolean flag which indicates whether microsoft routing storage endpoints are to be published
|
|
routingChoice
|
RoutingChoice
|
Routing Choice defines the kind of network routing opted by the user.
|
SasPolicy
SasPolicy assigned to the storage account.
| Name |
Type |
Default value |
Description |
|
expirationAction
|
ExpirationAction
|
Log
|
The SAS Expiration Action defines the action to be performed when sasPolicy.sasExpirationPeriod is violated. The 'Log' action can be used for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that do not adhere to the sas policy expiration period.
|
|
sasExpirationPeriod
|
string
|
|
The SAS expiration period, DD.HH:MM:SS.
|
Sku
The SKU of the storage account.
| Name |
Type |
Description |
|
name
|
SkuName
|
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
|
|
tier
|
SkuTier
|
The SKU tier. This is based on the SKU name.
|
SkuConversionStatus
This property indicates the current sku conversion status.
| Name |
Type |
Description |
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
|
Succeeded
|
string
|
|
SkuName
The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.
| Name |
Type |
Description |
|
Premium_LRS
|
string
|
|
|
Premium_ZRS
|
string
|
|
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_LRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
SkuTier
The SKU tier. This is based on the SKU name.
| Name |
Type |
Description |
|
Premium
|
string
|
|
|
Standard
|
string
|
|
State
Gets the state of virtual network rule.
| Name |
Type |
Description |
|
Deprovisioning
|
string
|
|
|
Failed
|
string
|
|
|
NetworkSourceDeleted
|
string
|
|
|
Provisioning
|
string
|
|
|
Succeeded
|
string
|
|
StorageAccount
The storage account.
| Name |
Type |
Description |
|
extendedLocation
|
ExtendedLocation
|
The extendedLocation of the resource.
|
|
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
Identity
|
The identity of the resource.
|
|
kind
|
Kind
|
Gets the Kind.
|
|
location
|
string
|
The geo-location where the resource lives
|
|
name
|
string
|
The name of the resource
|
|
properties.accessTier
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
properties.accountMigrationInProgress
|
boolean
|
If customer initiated account migration is in progress, the value will be true else it will be null.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Provides the identity based authentication settings for Azure Files.
|
|
properties.blobRestoreStatus
|
BlobRestoreStatus
|
Blob restore status
|
|
properties.creationTime
|
string
|
Gets the creation date and time of the storage account in UTC.
|
|
properties.customDomain
|
CustomDomain
|
Gets the custom domain the user assigned to this storage account.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
properties.enableExtendedGroups
|
boolean
|
Enables extended group support with local users feature, if set to true
|
|
properties.encryption
|
Encryption
|
Encryption settings to be used for server-side encryption for the storage account.
|
|
properties.failoverInProgress
|
boolean
|
If the failover is in progress, the value will be true, otherwise, it will be null.
|
|
properties.geoReplicationStats
|
GeoReplicationStats
|
Geo Replication Stats
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the containers in the account by default.
|
|
properties.isHnsEnabled
|
boolean
|
Account HierarchicalNamespace enabled if sets to true.
|
|
properties.isLocalUserEnabled
|
boolean
|
Enables local users feature, if set to true
|
|
properties.isNfsV3Enabled
|
boolean
|
NFS 3.0 protocol support enabled if set to true.
|
|
properties.isSftpEnabled
|
boolean
|
Enables Secure File Transfer Protocol, if set to true
|
|
properties.isSkuConversionBlocked
|
boolean
|
This property will be set to true or false on an event of ongoing migration. Default value is null.
|
|
properties.keyCreationTime
|
KeyCreationTime
|
Storage account keys creation time.
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
properties.lastGeoFailoverTime
|
string
|
Gets the timestamp of the most recent instance of a failover to the secondary location. Only the most recent timestamp is retained. This element is not returned if there has never been a failover instance. Only available if the accountType is Standard_GRS or Standard_RAGRS.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Network rule set
|
|
properties.primaryEndpoints
|
Endpoints
|
Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that Standard_ZRS and Premium_LRS accounts only return the blob endpoint.
|
|
properties.primaryLocation
|
string
|
Gets the location of the primary data center for the storage account.
|
|
properties.privateEndpointConnections
|
PrivateEndpointConnection[]
|
List of private endpoint connection associated with the specified storage account
|
|
properties.provisioningState
|
ProvisioningState
|
Gets the status of the storage account at the time the operation was called.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account.
|
|
properties.routingPreference
|
RoutingPreference
|
Maintains information about the network routing choice opted by the user for data transfer
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
properties.secondaryEndpoints
|
Endpoints
|
Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the secondary location of the storage account. Only available if the SKU name is Standard_RAGRS.
|
|
properties.secondaryLocation
|
string
|
Gets the location of the geo-replicated secondary for the storage account. Only available if the accountType is Standard_GRS or Standard_RAGRS.
|
|
properties.statusOfPrimary
|
AccountStatus
|
Gets the status indicating whether the primary location of the storage account is available or unavailable.
|
|
properties.statusOfSecondary
|
AccountStatus
|
Gets the status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS.
|
|
properties.storageAccountSkuConversionStatus
|
StorageAccountSkuConversionStatus
|
This property is readOnly and is set by server during asynchronous storage account sku conversion operations.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Allows https traffic only to storage service if sets to true.
|
|
sku
|
Sku
|
Gets the SKU.
|
|
tags
|
object
|
Resource tags.
|
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
StorageAccountInternetEndpoints
The URIs that are used to perform a retrieval of a public blob, file, web or dfs object via a internet routing endpoint.
| Name |
Type |
Description |
|
blob
|
string
|
Gets the blob endpoint.
|
|
dfs
|
string
|
Gets the dfs endpoint.
|
|
file
|
string
|
Gets the file endpoint.
|
|
web
|
string
|
Gets the web endpoint.
|
StorageAccountMicrosoftEndpoints
The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object via a microsoft routing endpoint.
| Name |
Type |
Description |
|
blob
|
string
|
Gets the blob endpoint.
|
|
dfs
|
string
|
Gets the dfs endpoint.
|
|
file
|
string
|
Gets the file endpoint.
|
|
queue
|
string
|
Gets the queue endpoint.
|
|
table
|
string
|
Gets the table endpoint.
|
|
web
|
string
|
Gets the web endpoint.
|
StorageAccountSkuConversionStatus
This defines the sku conversion status object for asynchronous sku conversions.
| Name |
Type |
Description |
|
endTime
|
string
|
This property represents the sku conversion end time.
|
|
skuConversionStatus
|
SkuConversionStatus
|
This property indicates the current sku conversion status.
|
|
startTime
|
string
|
This property represents the sku conversion start time.
|
|
targetSkuName
|
SkuName
|
This property represents the target sku name to which the account sku is being converted asynchronously.
|
StorageAccountUpdateParameters
The parameters that can be provided when updating the storage account properties.
| Name |
Type |
Description |
|
identity
|
Identity
|
The identity of the resource.
|
|
kind
|
Kind
|
Optional. Indicates the type of storage account. Currently only StorageV2 value supported by server.
|
|
properties.accessTier
|
AccessTier
|
Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Provides the identity based authentication settings for Azure Files.
|
|
properties.customDomain
|
CustomDomain
|
Custom domain assigned to the storage account by the user. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.
|
|
properties.enableExtendedGroups
|
boolean
|
Enables extended group support with local users feature, if set to true
|
|
properties.encryption
|
Encryption
|
Not applicable. Azure Storage encryption at rest is enabled by default for all storage accounts and cannot be disabled.
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the containers in the account by default.
|
|
properties.isLocalUserEnabled
|
boolean
|
Enables local users feature, if set to true
|
|
properties.isSftpEnabled
|
boolean
|
Enables Secure File Transfer Protocol, if set to true
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy assigned to the storage account.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Network rule set
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Allow, disallow, or let Network Security Perimeter configuration to evaluate public network access to Storage Account. Value is optional but if passed in, must be 'Enabled', 'Disabled' or 'SecuredByPerimeter'.
|
|
properties.routingPreference
|
RoutingPreference
|
Maintains information about the network routing choice opted by the user for data transfer
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy assigned to the storage account.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Allows https traffic only to storage service if sets to true.
|
|
sku
|
Sku
|
Gets or sets the SKU name. Note that the SKU name cannot be updated to Standard_ZRS, Premium_LRS or Premium_ZRS, nor can accounts of those SKU names be updated to any other value.
|
|
tags
|
object
|
Gets or sets a list of key value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater in length than 128 characters and a value no greater in length than 256 characters.
|
UserAssignedIdentity
UserAssignedIdentity for the resource.
| Name |
Type |
Description |
|
clientId
|
string
|
The client ID of the identity.
|
|
principalId
|
string
|
The principal ID of the identity.
|
VirtualNetworkRule
Virtual Network rule.
| Name |
Type |
Default value |
Description |
|
action
|
Action
|
Allow
|
The action of virtual network rule.
|
|
id
|
string
|
|
Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
|
|
state
|
State
|
|
Gets the state of virtual network rule.
|