更新作業可用來更新記憶體帳戶的 SKU、加密、存取層或標籤。 它也可以用來將帳戶對應至自定義網域。 每個記憶體帳戶僅支援一個自定義網域;不支援自定義網域的取代/變更。 若要取代舊的自定義定義域,必須先清除/取消註冊舊的值,才能設定新的值。 支援更新多個屬性。 此呼叫不會變更帳戶的記憶體金鑰。 如果您想要變更記憶體帳戶金鑰,請使用重新產生金鑰作業。 建立之後,就無法變更記憶體帳戶的位置和名稱。
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2023-05-01
URI 參數
| 名稱 |
位於 |
必要 |
類型 |
Description |
|
accountName
|
path |
True
|
string
|
指定資源群組內的記憶體帳戶名稱。 儲存體帳戶名稱長度必須介於 3 到 24 個字元之間,且只能使用數位和小寫字母。
Regex 模式: ^[a-z0-9]+$
|
|
resourceGroupName
|
path |
True
|
string
|
用戶訂用帳戶內的資源組名。 名稱不區分大小寫。
Regex 模式: ^[-\w\._\(\)]+$
|
|
subscriptionId
|
path |
True
|
string
|
目標訂用帳戶的標識碼。
|
|
api-version
|
query |
True
|
string
|
要用於這項作業的 API 版本。
|
要求本文
| 名稱 |
類型 |
Description |
|
identity
|
Identity
|
資源的身分識別。
|
|
kind
|
Kind
|
自選。 指出記憶體帳戶的類型。 目前只有伺服器支援的 StorageV2 值。
|
|
properties.accessTier
|
AccessTier
|
類型 = BlobStorage 的記憶體帳戶需要 。 存取層用於計費。 「進階」存取層是進階區塊 Blob 記憶體帳戶類型的預設值,而且無法變更進階區塊 Blob 記憶體帳戶類型。
|
|
properties.allowBlobPublicAccess
|
boolean
|
允許或不允許公用存取記憶體帳戶中的所有 Blob 或容器。 此屬性的默認解譯為 false。
|
|
properties.allowCrossTenantReplication
|
boolean
|
允許或不允許跨 AAD 租使用者物件複寫。 只有當物件復寫策略將涉及不同 AAD 租使用者的記憶體帳戶時,才將此屬性設定為 true。 根據預設,新帳戶預設會遵循最佳安全性作法的默認解譯為 false。
|
|
properties.allowSharedKeyAccess
|
boolean
|
指出記憶體帳戶是否允許透過共用密鑰使用帳戶存取金鑰授權要求。 如果為 false,則所有要求,包括共用存取簽章,都必須獲得 Azure Active Directory (Azure AD) 的授權。 默認值為 null,相當於 true。
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
限制從 AAD 租使用者內的記憶體帳戶,或使用相同 VNet 的私人連結來回復制。
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
提供 Azure 檔案記憶體的身分識別型驗證設定。
|
|
properties.customDomain
|
CustomDomain
|
使用者指派給記憶體帳戶的自定義網域。 名稱是 CNAME 來源。 目前每個記憶體帳戶只支援一個自定義網域。 若要清除現有的自定義網域,請使用自定義功能變數名稱屬性的空字串。
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
布爾值旗標,指出預設驗證是否為 OAuth。 此屬性的默認解譯為 false。
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
可讓您指定端點的類型。 將此設定為 AzureDNSZone 以在單一訂用帳戶中建立大量帳戶,這會在 Azure DNS 區域中建立帳戶,而端點 URL 將會有英數位元 DNS 區域標識符。
|
|
properties.enableExtendedGroups
|
boolean
|
如果設定為 true,則啟用本機使用者功能的擴充群組支援
|
|
properties.encryption
|
Encryption
|
不適用。 預設會為所有記憶體帳戶啟用待用 Azure 記憶體加密,且無法停用。
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
屬性是不可變的,而且只能在帳戶建立期間設定為 true。 設定為 true 時,預設會啟用帳戶中所有容器的物件層級不變性。
|
|
properties.isLocalUserEnabled
|
boolean
|
如果設定為 true,則啟用本機使用者功能
|
|
properties.isSftpEnabled
|
boolean
|
如果設定為 true,則啟用安全檔案傳輸通訊協定
|
|
properties.keyPolicy
|
KeyPolicy
|
指派給記憶體帳戶的 KeyPolicy。
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
如果設定為 [已啟用],則允許大型檔案共用。 一旦啟用,就無法停用它。
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
將要求對記憶體的要求設定為允許的最低 TLS 版本。 此屬性的預設解譯為 TLS 1.0。
|
|
properties.networkAcls
|
NetworkRuleSet
|
網路規則集
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
允許、不允許或允許網路安全性周邊設定評估記憶體帳戶的公用網路存取權。 值為選擇性值,但如果傳入,必須是 'Enabled'、'Disabled' 或 'SecuredByPerimeter'。
|
|
properties.routingPreference
|
RoutingPreference
|
維護使用者選擇進行數據傳輸的網路路由選擇相關信息
|
|
properties.sasPolicy
|
SasPolicy
|
指派給記憶體帳戶的 SasPolicy。
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
如果設定為 true,則只允許 HTTPs 流量到記憶體服務。
|
|
sku
|
Sku
|
取得或設定 SKU 名稱。 請注意,SKU 名稱無法更新為Standard_ZRS、Premium_LRS或Premium_ZRS,也無法將這些 SKU 名稱的帳戶更新為任何其他值。
|
|
tags
|
object
|
取得或設定描述資源的索引鍵值組清單。 這些標籤可用於檢視和群組此資源(跨資源群組)。 最多可為資源提供15個標籤。 每個標記的長度必須不超過 128 個字元,且長度不超過 256 個字元的值。
|
回應
安全性
azure_auth
Azure Active Directory OAuth2 Flow
類型:
oauth2
Flow:
implicit
授權 URL:
https://login.microsoftonline.com/common/oauth2/authorize
範圍
| 名稱 |
Description |
|
user_impersonation
|
模擬您的用戶帳戶
|
範例
StorageAccountEnableAD
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
}
}
}
import com.azure.resourcemanager.storage.models.ActiveDirectoryProperties;
import com.azure.resourcemanager.storage.models.ActiveDirectoryPropertiesAccountType;
import com.azure.resourcemanager.storage.models.AzureFilesIdentityBasedAuthentication;
import com.azure.resourcemanager.storage.models.DirectoryServiceOptions;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
*/
/**
* Sample code: StorageAccountEnableAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withAzureFilesIdentityBasedAuthentication(
new AzureFilesIdentityBasedAuthentication().withDirectoryServiceOptions(DirectoryServiceOptions.AD)
.withActiveDirectoryProperties(new ActiveDirectoryProperties().withDomainName("adtest.com")
.withNetBiosDomainName("adtest.com").withForestName("adtest.com")
.withDomainGuid("aebfc118-9fa9-4732-a21f-d98e41a77ae1")
.withDomainSid("S-1-5-21-2400535526-2334094090-2402026252")
.withAzureStorageSid("S-1-5-21-2400535526-2334094090-2402026252-0012")
.withSamAccountName("sam12498").withAccountType(ActiveDirectoryPropertiesAccountType.USER))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_ad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"azureFilesIdentityBasedAuthentication": {
"activeDirectoryProperties": {
"accountType": "User",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainName": "adtest.com",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"forestName": "adtest.com",
"netBiosDomainName": "adtest.com",
"samAccountName": "sam12498",
},
"directoryServiceOptions": "AD",
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
func ExampleAccountsClient_Update_storageAccountEnableAd() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
DomainName: to.Ptr("adtest.com"),
DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
ForestName: to.Ptr("adtest.com"),
NetBiosDomainName: to.Ptr("adtest.com"),
SamAccountName: to.Ptr("sam12498"),
},
DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
// ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
// AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
// AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
// DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
// DomainName: to.Ptr("adtest.com"),
// DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
// ForestName: to.Ptr("adtest.com"),
// NetBiosDomainName: to.Ptr("adtest.com"),
// SamAccountName: to.Ptr("sam12498"),
// },
// DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
// },
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
*/
async function storageAccountEnableAd() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
azureFilesIdentityBasedAuthentication: {
activeDirectoryProperties: {
accountType: "User",
azureStorageSid: "S-1-5-21-2400535526-2334094090-2402026252-0012",
domainGuid: "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
domainName: "adtest.com",
domainSid: "S-1-5-21-2400535526-2334094090-2402026252",
forestName: "adtest.com",
netBiosDomainName: "adtest.com",
samAccountName: "sam12498",
},
directoryServiceOptions: "AD",
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
AzureFilesIdentityBasedAuthentication = new FilesIdentityBasedAuthentication(DirectoryServiceOption.AD)
{
ActiveDirectoryProperties = new StorageActiveDirectoryProperties("adtest.com", Guid.Parse("aebfc118-9fa9-4732-a21f-d98e41a77ae1"))
{
NetBiosDomainName = "adtest.com",
ForestName = "adtest.com",
DomainSid = "S-1-5-21-2400535526-2334094090-2402026252",
AzureStorageSid = "S-1-5-21-2400535526-2334094090-2402026252-0012",
SamAccountName = "sam12498",
AccountType = ActiveDirectoryAccountType.User,
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountEnableCMK
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
*/
/**
* Sample code: StorageAccountEnableCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableCMK(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
func ExampleAccountsClient_Update_storageAccountEnableCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeSystemAssigned),
// PrincipalID: to.Ptr("911871cc-ffd1-4fc4-ac11-7a316433ea66"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
*/
async function storageAccountEnableCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
encryption: {
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"identity": {
"principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"type": "SystemAssigned"
},
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdate
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"enableExtendedGroups": true,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
*/
/**
* Sample code: StorageAccountUpdate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20)).withIsSftpEnabled(true)
.withIsLocalUserEnabled(true).withEnableExtendedGroups(true)
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"enableExtendedGroups": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isLocalUserEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
func ExampleAccountsClient_Update_storageAccountUpdate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
EnableExtendedGroups: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsLocalUserEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// EnableExtendedGroups: to.Ptr(true),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsLocalUserEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
*/
async function storageAccountUpdate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
enableExtendedGroups: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isLocalUserEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
IsSftpEnabled = true,
IsLocalUserEnabled = true,
IsExtendedGroupEnabled = true,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"enableExtendedGroups": true,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateAllowedCopyScopeToAAD
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
/**
* Sample code: StorageAccountUpdateAllowedCopyScopeToAAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateAllowedCopyScopeToAAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withAllowedCopyScope(AllowedCopyScope.AAD),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_allowed_copy_scope_to_aad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
func ExampleAccountsClient_Update_storageAccountUpdateAllowedCopyScopeToAad() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
async function storageAccountUpdateAllowedCopyScopeToAad() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "AAD",
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
AllowedCopyScope = AllowedCopyScope.Aad,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateDisablePublicNetworkAccess
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled"
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateDisablePublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountUpdateDisablePublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateDisablePublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withPublicNetworkAccess(PublicNetworkAccess.DISABLED),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_disable_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
func ExampleAccountsClient_Update_storageAccountUpdateDisablePublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
*/
async function storageAccountUpdateDisablePublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
publicNetworkAccess: "Disabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
PublicNetworkAccess = StoragePublicNetworkAccess.Disabled,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedEncryptionIdentityWithCMK(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9101", "sto4445",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_encryption_identity_with_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9101", "sto4445", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
async function storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
string accountName = "sto4445";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Sku = new StorageSku(StorageSkuName.StandardLrs),
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Kind = StorageKind.Storage,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res131918/providers/Microsoft.Storage/storageAccounts/sto131918?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res131918",
"sto131918",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")
.withEncryptionFederatedIdentityClientId("3109d1c4-a5de-4d84-8832-feabb916a4b6"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_identity_with_federated_identity_client_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res131918",
account_name="sto131918",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res131918", "sto131918", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
async function storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res131918";
const accountName = "sto131918";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionFederatedIdentityClientId: "3109d1c4-a5de-4d84-8832-feabb916a4b6",
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res131918";
string accountName = "sto131918";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Sku = new StorageSku(StorageSkuName.StandardLrs),
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Kind = StorageKind.Storage,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
EncryptionFederatedIdentityClientId = "3109d1c4-a5de-4d84-8832-feabb916a4b6",
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateWithImmutabilityPolicy
範例要求
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
}
}
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyProperties;
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyState;
import com.azure.resourcemanager.storage.models.ImmutableStorageAccount;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateWithImmutabilityPolicy.json
*/
/**
* Sample code: StorageAccountUpdateWithImmutabilityPolicy.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateWithImmutabilityPolicy(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withImmutableStorageWithVersioning(new ImmutableStorageAccount().withEnabled(true)
.withImmutabilityPolicy(new AccountImmutabilityPolicyProperties()
.withImmutabilityPeriodSinceCreationInDays(15)
.withState(AccountImmutabilityPolicyState.LOCKED).withAllowProtectedAppendWrites(true))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_with_immutability_policy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"immutableStorageWithVersioning": {
"enabled": True,
"immutabilityPolicy": {
"allowProtectedAppendWrites": True,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Locked",
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
func ExampleAccountsClient_Update_storageAccountUpdateWithImmutabilityPolicy() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
Enabled: to.Ptr(true),
ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
AllowProtectedAppendWrites: to.Ptr(true),
ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
// Enabled: to.Ptr(true),
// ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
// AllowProtectedAppendWrites: to.Ptr(true),
// ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
// State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
// },
// },
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
*/
async function storageAccountUpdateWithImmutabilityPolicy() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
immutableStorageWithVersioning: {
enabled: true,
immutabilityPolicy: {
allowProtectedAppendWrites: true,
immutabilityPeriodSinceCreationInDays: 15,
state: "Locked",
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
ImmutableStorageWithVersioning = new ImmutableStorageAccount()
{
IsEnabled = true,
ImmutabilityPolicy = new AccountImmutabilityPolicy()
{
ImmutabilityPeriodSinceCreationInDays = 15,
State = AccountImmutabilityPolicyState.Locked,
AllowProtectedAppendWrites = true,
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
定義
AccessTier
類型 = BlobStorage 的記憶體帳戶需要 。 存取層用於計費。 「進階」存取層是進階區塊 Blob 記憶體帳戶類型的預設值,而且無法變更進階區塊 Blob 記憶體帳戶類型。
| 名稱 |
類型 |
Description |
|
Cold
|
string
|
|
|
Cool
|
string
|
|
|
Hot
|
string
|
|
|
Premium
|
string
|
|
AccountImmutabilityPolicyProperties
這會定義帳戶層級不變性原則屬性。
| 名稱 |
類型 |
Description |
|
allowProtectedAppendWrites
|
boolean
|
此屬性只能針對停用和解除鎖定的時間型保留原則進行變更。 啟用時,新的區塊可以寫入附加 Blob,同時維護不變性保護和合規性。 只能新增新的區塊,而且任何現有的區塊都無法修改或刪除。
|
|
immutabilityPeriodSinceCreationInDays
|
integer
|
自原則建立后,容器中 Blob 的不變性期間,以天為單位。
|
|
state
|
AccountImmutabilityPolicyState
|
ImmutabilityPolicy 狀態會定義原則的模式。 停用狀態會停用原則、解除鎖定狀態允許增加和減少不變性保留時間,也允許切換allowProtectedAppendWrites屬性,鎖定狀態只允許增加不變性保留時間。 原則只能以 [已停用] 或 [解除鎖定] 狀態建立,而且可以在兩個狀態之間切換。 只有處於解除鎖定狀態的原則可以轉換為無法還原的鎖定狀態。
|
AccountImmutabilityPolicyState
ImmutabilityPolicy 狀態會定義原則的模式。 停用狀態會停用原則、解除鎖定狀態允許增加和減少不變性保留時間,也允許切換allowProtectedAppendWrites屬性,鎖定狀態只允許增加不變性保留時間。 原則只能以 [已停用] 或 [解除鎖定] 狀態建立,而且可以在兩個狀態之間切換。 只有處於解除鎖定狀態的原則可以轉換為無法還原的鎖定狀態。
| 名稱 |
類型 |
Description |
|
Disabled
|
string
|
|
|
Locked
|
string
|
|
|
Unlocked
|
string
|
|
AccountStatus
取得狀態,指出記憶體帳戶的主要位置是否可用或無法使用。
| 名稱 |
類型 |
Description |
|
available
|
string
|
|
|
unavailable
|
string
|
|
AccountType
指定 Azure 記憶體的 Active Directory 帳戶類型。
| 名稱 |
類型 |
Description |
|
Computer
|
string
|
|
|
User
|
string
|
|
Action
虛擬網路規則的動作。
| 名稱 |
類型 |
Description |
|
Allow
|
string
|
|
ActiveDirectoryProperties
Active Directory (AD) 的設定屬性。
| 名稱 |
類型 |
Description |
|
accountType
|
AccountType
|
指定 Azure 記憶體的 Active Directory 帳戶類型。
|
|
azureStorageSid
|
string
|
指定 Azure 記憶體的安全性識別碼 (SID)。
|
|
domainGuid
|
string
|
指定網域 GUID。
|
|
domainName
|
string
|
指定AD DNS 伺服器授權的主要網域。
|
|
domainSid
|
string
|
指定安全性識別碼 (SID)。
|
|
forestName
|
string
|
指定要取得的 Active Directory 樹系。
|
|
netBiosDomainName
|
string
|
指定 NetBIOS 功能變數名稱。
|
|
samAccountName
|
string
|
指定 Azure 記憶體的 Active Directory SAMAccountName。
|
AllowedCopyScope
限制從 AAD 租使用者內的記憶體帳戶,或使用相同 VNet 的私人連結來回復制。
| 名稱 |
類型 |
Description |
|
AAD
|
string
|
|
|
PrivateLink
|
string
|
|
AzureFilesIdentityBasedAuthentication
Azure 檔案記憶體身分識別型驗證的設定。
BlobRestoreParameters
Blob 還原參數
| 名稱 |
類型 |
Description |
|
blobRanges
|
BlobRestoreRange[]
|
要還原的 Blob 範圍。
|
|
timeToRestore
|
string
|
將 Blob 還原至指定的時間。
|
BlobRestoreProgressStatus
Blob 還原進度的狀態。 可能的值為: - InProgress:指出 Blob 還原正在進行中。 - 完成:表示 Blob 還原已順利完成。 - 失敗:表示 Blob 還原失敗。
| 名稱 |
類型 |
Description |
|
Complete
|
string
|
|
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
BlobRestoreRange
Blob 範圍
| 名稱 |
類型 |
Description |
|
endRange
|
string
|
Blob 結束範圍。 這是獨佔的。 空白表示帳戶結束。
|
|
startRange
|
string
|
Blob 開始範圍。 這是包容性的。 空白表示帳戶開始。
|
BlobRestoreStatus
Blob 還原狀態。
| 名稱 |
類型 |
Description |
|
failureReason
|
string
|
Blob 還原失敗時的失敗原因。
|
|
parameters
|
BlobRestoreParameters
|
Blob 還原要求參數。
|
|
restoreId
|
string
|
追蹤 Blob 還原要求的標識碼。
|
|
status
|
BlobRestoreProgressStatus
|
Blob 還原進度的狀態。 可能的值為: - InProgress:指出 Blob 還原正在進行中。 - 完成:表示 Blob 還原已順利完成。 - 失敗:表示 Blob 還原失敗。
|
Bypass
指定是否略過記錄/計量/AzureServices 的流量。 可能的值為記錄的任何組合|計量|AzureServices (例如,「記錄、計量」或 [無] 以略過這些流量。
| 名稱 |
類型 |
Description |
|
AzureServices
|
string
|
|
|
Logging
|
string
|
|
|
Metrics
|
string
|
|
|
None
|
string
|
|
CustomDomain
指派給此記憶體帳戶的自定義網域。 這可以透過Update來設定。
| 名稱 |
類型 |
Description |
|
name
|
string
|
取得或設定指派給記憶體帳戶的自定義功能變數名稱。 名稱是 CNAME 來源。
|
|
useSubDomainName
|
boolean
|
指出是否啟用間接 CName 驗證。 默認值為 false。 這應該只在更新時設定。
|
DefaultAction
指定當沒有其他規則相符時,允許或拒絕的默認動作。
| 名稱 |
類型 |
Description |
|
Allow
|
string
|
|
|
Deny
|
string
|
|
DefaultSharePermission
如果未指派 RBAC 角色,則使用 Kerberos 驗證的使用者預設共享許可權。
| 名稱 |
類型 |
Description |
|
None
|
string
|
|
|
StorageFileDataSmbShareContributor
|
string
|
|
|
StorageFileDataSmbShareElevatedContributor
|
string
|
|
|
StorageFileDataSmbShareReader
|
string
|
|
DirectoryServiceOptions
表示所使用的目錄服務。 請注意,未來可能會擴充此列舉。
| 名稱 |
類型 |
Description |
|
AADDS
|
string
|
|
|
AADKERB
|
string
|
|
|
AD
|
string
|
|
|
None
|
string
|
|
DnsEndpointType
可讓您指定端點的類型。 將此設定為 AzureDNSZone 以在單一訂用帳戶中建立大量帳戶,這會在 Azure DNS 區域中建立帳戶,而端點 URL 將會有英數位元 DNS 區域標識符。
| 名稱 |
類型 |
Description |
|
AzureDnsZone
|
string
|
|
|
Standard
|
string
|
|
Encryption
記憶體帳戶上的加密設定。
| 名稱 |
類型 |
預設值 |
Description |
|
identity
|
EncryptionIdentity
|
|
要與待用服務端加密搭配使用的身分識別。
|
|
keySource
|
KeySource
|
Microsoft.Storage
|
加密金鑰來源(提供者)。 可能的值(不區分大小寫):Microsoft.Storage、Microsoft.Keyvault
|
|
keyvaultproperties
|
KeyVaultProperties
|
|
金鑰保存庫所提供的屬性。
|
|
requireInfrastructureEncryption
|
boolean
|
|
布爾值,指出服務是否使用平臺管理密鑰來套用次要加密層,以供待用數據使用。
|
|
services
|
EncryptionServices
|
|
支援加密的服務清單。
|
EncryptionIdentity
記憶體帳戶的加密身分識別。
| 名稱 |
類型 |
Description |
|
federatedIdentityClientId
|
string
|
要與記憶體帳戶上跨租用戶客戶管理密鑰伺服器端加密的使用者指派身分識別搭配使用之多租使用者應用程式的 ClientId。
|
|
userAssignedIdentity
|
string
|
要與記憶體帳戶上的伺服器端加密相關聯的 UserAssigned 身分識別資源識別碼。
|
EncryptionService
允許使用伺服器端加密的服務。
| 名稱 |
類型 |
Description |
|
enabled
|
boolean
|
布爾值,指出服務是否在儲存數據時加密數據。 目前預設會啟用待用加密,因此無法停用。
|
|
keyType
|
KeyType
|
要用於加密服務的加密金鑰類型。 「帳戶」金鑰類型表示將會使用帳戶範圍的加密金鑰。 'Service' 金鑰類型表示會使用預設服務金鑰。
|
|
lastEnabledTime
|
string
|
取得使用者上次啟用加密時的日期/時間粗略估計。 目前預設會加密待用數據,因此無法停用。
|
EncryptionServices
支援加密的服務清單。
Endpoints
用來擷取公用 Blob、佇列、數據表、Web 或 dfs 物件的 URI。
ExpirationAction
SAS 到期動作會定義違反 sasPolicy.sasExpirationPeriod 時要執行的動作。 「記錄」動作可用於稽核目的,而「封鎖」動作可用來封鎖和拒絕使用不符合 sas 原則到期期限的 SAS 令牌。
| 名稱 |
類型 |
Description |
|
Block
|
string
|
|
|
Log
|
string
|
|
ExtendedLocation
擴充位置的複雜類型。
ExtendedLocationTypes
擴充位置的類型。
| 名稱 |
類型 |
Description |
|
EdgeZone
|
string
|
|
GeoReplicationStats
記憶體帳戶 Blob、數據表、佇列和檔案服務的復寫相關統計數據。 只有在記憶體帳戶啟用異地備援複寫時,才能使用。
| 名稱 |
類型 |
Description |
|
canFailover
|
boolean
|
布爾值旗標,指出帳戶是否支持帳戶故障轉移。
|
|
canPlannedFailover
|
boolean
|
布爾值旗標,指出帳戶是否支持計劃性帳戶故障轉移。
|
|
lastSyncTime
|
string
|
此 UTC 日期/時間值之前的所有主要寫入都保證可供讀取作業使用。 在這段時間點之後的主要寫入可能無法用於讀取。 如果 LastSyncTime 的值無法使用,元素可能是預設值,如果次要資料庫已離機或處於啟動程式,就可能發生此情況。
|
|
postFailoverRedundancy
|
postFailoverRedundancy
|
執行帳戶故障轉移之後帳戶的備援類型。
|
|
postPlannedFailoverRedundancy
|
postPlannedFailoverRedundancy
|
執行計劃性帳戶故障轉移之後,帳戶的備援類型。
|
|
status
|
GeoReplicationStatus
|
次要位置的狀態。 可能的值為: - Live:指出次要位置為作用中且可運作。 - 啟動程式:指出主要位置到次要位置的初始同步處理正在進行中。這通常會在第一次啟用複寫時發生。 - 無法使用:表示次要位置暫時無法使用。
|
GeoReplicationStatus
次要位置的狀態。 可能的值為: - Live:指出次要位置為作用中且可運作。 - 啟動程式:指出主要位置到次要位置的初始同步處理正在進行中。這通常會在第一次啟用複寫時發生。 - 無法使用:表示次要位置暫時無法使用。
| 名稱 |
類型 |
Description |
|
Bootstrap
|
string
|
|
|
Live
|
string
|
|
|
Unavailable
|
string
|
|
Identity
資源的身分識別。
| 名稱 |
類型 |
Description |
|
principalId
|
string
|
資源識別的主要標識碼。
|
|
tenantId
|
string
|
資源的租用戶標識碼。
|
|
type
|
IdentityType
|
識別類型。
|
|
userAssignedIdentities
|
<string,
UserAssignedIdentity>
|
取得或設定索引鍵值組的清單,描述將搭配此儲存體帳戶使用的一組使用者指派身分識別。 金鑰是身分識別的 ARM 資源識別碼。 這裡只允許 1 個使用者指派的身分識別。
|
IdentityType
識別類型。
| 名稱 |
類型 |
Description |
|
None
|
string
|
|
|
SystemAssigned
|
string
|
|
|
SystemAssigned,UserAssigned
|
string
|
|
|
UserAssigned
|
string
|
|
ImmutableStorageAccount
這個屬性會啟用並定義帳戶層級不變性。 啟用此功能會自動啟用 Blob 版本設定。
| 名稱 |
類型 |
Description |
|
enabled
|
boolean
|
布爾值旗標,可啟用帳戶層級不變性。 這類帳戶下的所有容器預設都會啟用物件層級不變性。
|
|
immutabilityPolicy
|
AccountImmutabilityPolicyProperties
|
指定繼承並套用至物件層級沒有明確不變性原則的對象的預設帳戶層級不變性原則。 物件層級不變性原則的優先順序高於容器層級不變性原則,其優先順序高於帳戶層級不變性原則。
|
IPRule
具有 CIDR 格式之特定 IP 或 IP 範圍的 IP 規則。
| 名稱 |
類型 |
預設值 |
Description |
|
action
|
Action
|
Allow
|
IP ACL 規則的動作。
|
|
value
|
string
|
|
以 CIDR 格式指定 IP 或 IP 範圍。 只允許 IPV4 位址。
|
KeyCreationTime
儲存體帳戶金鑰建立時間。
| 名稱 |
類型 |
Description |
|
key1
|
string
|
|
|
key2
|
string
|
|
KeyPolicy
指派給記憶體帳戶的 KeyPolicy。
| 名稱 |
類型 |
Description |
|
keyExpirationPeriodInDays
|
integer
|
金鑰到期期間以天為單位。
|
KeySource
加密金鑰來源(提供者)。 可能的值(不區分大小寫):Microsoft.Storage、Microsoft.Keyvault
| 名稱 |
類型 |
Description |
|
Microsoft.Keyvault
|
string
|
|
|
Microsoft.Storage
|
string
|
|
KeyType
要用於加密服務的加密金鑰類型。 「帳戶」金鑰類型表示將會使用帳戶範圍的加密金鑰。 'Service' 金鑰類型表示會使用預設服務金鑰。
| 名稱 |
類型 |
Description |
|
Account
|
string
|
|
|
Service
|
string
|
|
KeyVaultProperties
金鑰保存庫的屬性。
| 名稱 |
類型 |
Description |
|
currentVersionedKeyExpirationTimestamp
|
string
|
這是唯讀屬性,表示用於加密的客戶管理金鑰目前版本的到期時間。
|
|
currentVersionedKeyIdentifier
|
string
|
目前使用中已建立版本的 Key Vault 金鑰的物件識別碼。
|
|
keyname
|
string
|
KeyVault 金鑰的名稱。
|
|
keyvaulturi
|
string
|
KeyVault 的 URI。
|
|
keyversion
|
string
|
KeyVault 金鑰的版本。
|
|
lastKeyRotationTimestamp
|
string
|
Key Vault 金鑰上次輪替的時間戳。
|
Kind
指出記憶體帳戶的類型。
| 名稱 |
類型 |
Description |
|
BlobStorage
|
string
|
|
|
BlockBlobStorage
|
string
|
|
|
FileStorage
|
string
|
|
|
Storage
|
string
|
|
|
StorageV2
|
string
|
|
LargeFileSharesState
如果設定為 [已啟用],則允許大型檔案共用。 一旦啟用,就無法停用它。
| 名稱 |
類型 |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
MinimumTlsVersion
將要求對記憶體的要求設定為允許的最低 TLS 版本。 此屬性的預設解譯為 TLS 1.0。
| 名稱 |
類型 |
Description |
|
TLS1_0
|
string
|
|
|
TLS1_1
|
string
|
|
|
TLS1_2
|
string
|
|
|
TLS1_3
|
string
|
|
NetworkRuleSet
網路規則集
| 名稱 |
類型 |
預設值 |
Description |
|
bypass
|
Bypass
|
AzureServices
|
指定是否略過記錄/計量/AzureServices 的流量。 可能的值為記錄的任何組合|計量|AzureServices (例如,「記錄、計量」或 [無] 以略過這些流量。
|
|
defaultAction
|
DefaultAction
|
Allow
|
指定當沒有其他規則相符時,允許或拒絕的默認動作。
|
|
ipRules
|
IPRule[]
|
|
設定IP ACL規則
|
|
resourceAccessRules
|
ResourceAccessRule[]
|
|
設定資源存取規則
|
|
virtualNetworkRules
|
VirtualNetworkRule[]
|
|
設定虛擬網路規則
|
postFailoverRedundancy
執行帳戶故障轉移之後帳戶的備援類型。
| 名稱 |
類型 |
Description |
|
Standard_LRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
postPlannedFailoverRedundancy
執行計劃性帳戶故障轉移之後,帳戶的備援類型。
| 名稱 |
類型 |
Description |
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
PrivateEndpoint
私人端點資源。
| 名稱 |
類型 |
Description |
|
id
|
string
|
私人端點的ARM標識碼
|
PrivateEndpointConnection
私人端點聯機資源。
| 名稱 |
類型 |
Description |
|
id
|
string
|
資源的完整資源標識碼。 例如 - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
資源的名稱
|
|
properties.privateEndpoint
|
PrivateEndpoint
|
私人端點的資源。
|
|
properties.privateLinkServiceConnectionState
|
PrivateLinkServiceConnectionState
|
服務取用者與提供者之間連線狀態的相關信息集合。
|
|
properties.provisioningState
|
PrivateEndpointConnectionProvisioningState
|
私人端點聯機資源的布建狀態。
|
|
type
|
string
|
資源的型別。 例如“Microsoft.Compute/virtualMachines” 或 “Microsoft.Storage/storageAccounts”
|
PrivateEndpointConnectionProvisioningState
目前的布建狀態。
| 名稱 |
類型 |
Description |
|
Creating
|
string
|
|
|
Deleting
|
string
|
|
|
Failed
|
string
|
|
|
Succeeded
|
string
|
|
PrivateEndpointServiceConnectionStatus
私人端點連線狀態。
| 名稱 |
類型 |
Description |
|
Approved
|
string
|
|
|
Pending
|
string
|
|
|
Rejected
|
string
|
|
PrivateLinkServiceConnectionState
服務取用者與提供者之間連線狀態的相關信息集合。
ProvisioningState
取得呼叫作業時記憶體帳戶的狀態。
| 名稱 |
類型 |
Description |
|
Creating
|
string
|
|
|
ResolvingDNS
|
string
|
|
|
Succeeded
|
string
|
|
PublicNetworkAccess
允許、不允許或允許網路安全性周邊設定評估記憶體帳戶的公用網路存取權。 值為選擇性值,但如果傳入,必須是 'Enabled'、'Disabled' 或 'SecuredByPerimeter'。
| 名稱 |
類型 |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
|
SecuredByPerimeter
|
string
|
|
ResourceAccessRule
資源存取規則。
| 名稱 |
類型 |
Description |
|
resourceId
|
string
|
資源標識碼
|
|
tenantId
|
string
|
租用戶標識碼
|
RoutingChoice
路由選擇會定義使用者選擇的網路路由類型。
| 名稱 |
類型 |
Description |
|
InternetRouting
|
string
|
|
|
MicrosoftRouting
|
string
|
|
RoutingPreference
路由喜好設定會定義用來傳遞用戶數據的 Microsoft 或因特網路由的網路類型,預設選項為 microsoft 路由
| 名稱 |
類型 |
Description |
|
publishInternetEndpoints
|
boolean
|
布爾值旗標,指出是否要發佈因特網路由記憶體端點
|
|
publishMicrosoftEndpoints
|
boolean
|
布爾值旗標,指出是否要發佈 Microsoft 路由記憶體端點
|
|
routingChoice
|
RoutingChoice
|
路由選擇會定義使用者選擇的網路路由類型。
|
SasPolicy
指派給記憶體帳戶的 SasPolicy。
| 名稱 |
類型 |
預設值 |
Description |
|
expirationAction
|
ExpirationAction
|
Log
|
SAS 到期動作會定義違反 sasPolicy.sasExpirationPeriod 時要執行的動作。 「記錄」動作可用於稽核目的,而「封鎖」動作可用來封鎖和拒絕使用不符合 sas 原則到期期限的 SAS 令牌。
|
|
sasExpirationPeriod
|
string
|
|
SAS 到期期間 DD.HH:MM:SS。
|
Sku
記憶體帳戶的 SKU。
| 名稱 |
類型 |
Description |
|
name
|
SkuName
|
SKU 名稱。 帳戶建立的必要專案;選擇性的更新。 請注意,在舊版中,SKU 名稱稱為 accountType。
|
|
tier
|
SkuTier
|
SKU 層。 這是以 SKU 名稱為基礎。
|
SkuConversionStatus
這個屬性表示目前的 SKU 轉換狀態。
| 名稱 |
類型 |
Description |
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
|
Succeeded
|
string
|
|
SkuName
SKU 名稱。 帳戶建立的必要專案;選擇性的更新。 請注意,在舊版中,SKU 名稱稱為 accountType。
| 名稱 |
類型 |
Description |
|
Premium_LRS
|
string
|
|
|
Premium_ZRS
|
string
|
|
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_LRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
SkuTier
SKU 層。 這是以 SKU 名稱為基礎。
| 名稱 |
類型 |
Description |
|
Premium
|
string
|
|
|
Standard
|
string
|
|
State
取得虛擬網路規則的狀態。
| 名稱 |
類型 |
Description |
|
Deprovisioning
|
string
|
|
|
Failed
|
string
|
|
|
NetworkSourceDeleted
|
string
|
|
|
Provisioning
|
string
|
|
|
Succeeded
|
string
|
|
StorageAccount
記憶體帳戶。
| 名稱 |
類型 |
Description |
|
extendedLocation
|
ExtendedLocation
|
資源的 extendedLocation。
|
|
id
|
string
|
資源的完整資源標識碼。 例如 - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
Identity
|
資源的身分識別。
|
|
kind
|
Kind
|
取得 Kind。
|
|
location
|
string
|
資源所在的地理位置
|
|
name
|
string
|
資源的名稱
|
|
properties.accessTier
|
AccessTier
|
類型 = BlobStorage 的記憶體帳戶需要 。 存取層用於計費。 「進階」存取層是進階區塊 Blob 記憶體帳戶類型的預設值,而且無法變更進階區塊 Blob 記憶體帳戶類型。
|
|
properties.accountMigrationInProgress
|
boolean
|
如果客戶起始的帳戶移轉正在進行中,此值會是 true,否則此值會是 Null。
|
|
properties.allowBlobPublicAccess
|
boolean
|
允許或不允許公用存取記憶體帳戶中的所有 Blob 或容器。 此屬性的默認解譯為 false。
|
|
properties.allowCrossTenantReplication
|
boolean
|
允許或不允許跨 AAD 租使用者物件複寫。 只有當物件復寫策略將涉及不同 AAD 租使用者的記憶體帳戶時,才將此屬性設定為 true。 根據預設,新帳戶預設會遵循最佳安全性作法的默認解譯為 false。
|
|
properties.allowSharedKeyAccess
|
boolean
|
指出記憶體帳戶是否允許透過共用密鑰使用帳戶存取金鑰授權要求。 如果為 false,則所有要求,包括共用存取簽章,都必須獲得 Azure Active Directory (Azure AD) 的授權。 默認值為 null,相當於 true。
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
限制從 AAD 租使用者內的記憶體帳戶,或使用相同 VNet 的私人連結來回復制。
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
提供 Azure 檔案記憶體的身分識別型驗證設定。
|
|
properties.blobRestoreStatus
|
BlobRestoreStatus
|
Blob 還原狀態
|
|
properties.creationTime
|
string
|
取得以UTC為單位的記憶體帳戶建立日期和時間。
|
|
properties.customDomain
|
CustomDomain
|
取得使用者指派給此記憶體帳戶的自定義網域。
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
布爾值旗標,指出預設驗證是否為 OAuth。 此屬性的默認解譯為 false。
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
可讓您指定端點的類型。 將此設定為 AzureDNSZone 以在單一訂用帳戶中建立大量帳戶,這會在 Azure DNS 區域中建立帳戶,而端點 URL 將會有英數位元 DNS 區域標識符。
|
|
properties.enableExtendedGroups
|
boolean
|
如果設定為 true,則啟用本機使用者功能的擴充群組支援
|
|
properties.encryption
|
Encryption
|
要用於記憶體帳戶伺服器端加密的加密設定。
|
|
properties.failoverInProgress
|
boolean
|
如果故障轉移正在進行中,此值會是 true,否則會是 Null。
|
|
properties.geoReplicationStats
|
GeoReplicationStats
|
異地復寫統計數據
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
屬性是不可變的,而且只能在帳戶建立期間設定為 true。 設定為 true 時,預設會啟用帳戶中所有容器的物件層級不變性。
|
|
properties.isHnsEnabled
|
boolean
|
如果設定為 true,則會啟用 Account HierarchicalNamespace。
|
|
properties.isLocalUserEnabled
|
boolean
|
如果設定為 true,則啟用本機使用者功能
|
|
properties.isNfsV3Enabled
|
boolean
|
如果設定為 true,則啟用 NFS 3.0 通訊協議支援。
|
|
properties.isSftpEnabled
|
boolean
|
如果設定為 true,則啟用安全檔案傳輸通訊協定
|
|
properties.isSkuConversionBlocked
|
boolean
|
在進行中的移轉事件上,此屬性會設定為 true 或 false。 預設值為 null。
|
|
properties.keyCreationTime
|
KeyCreationTime
|
儲存體帳戶金鑰建立時間。
|
|
properties.keyPolicy
|
KeyPolicy
|
指派給記憶體帳戶的 KeyPolicy。
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
如果設定為 [已啟用],則允許大型檔案共用。 一旦啟用,就無法停用它。
|
|
properties.lastGeoFailoverTime
|
string
|
取得故障轉移至次要位置之最近實例的時間戳。 只會保留最新的時間戳。 如果沒有故障轉移實例,則不會傳回這個專案。 只有在 accountType 是Standard_GRS或Standard_RAGRS時才可使用。
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
將要求對記憶體的要求設定為允許的最低 TLS 版本。 此屬性的預設解譯為 TLS 1.0。
|
|
properties.networkAcls
|
NetworkRuleSet
|
網路規則集
|
|
properties.primaryEndpoints
|
Endpoints
|
取得用來擷取公用 Blob、佇列或數據表物件的 URL。 請注意,Standard_ZRS和Premium_LRS帳戶只會傳回 Blob 端點。
|
|
properties.primaryLocation
|
string
|
取得記憶體帳戶的主要數據中心位置。
|
|
properties.privateEndpointConnections
|
PrivateEndpointConnection[]
|
與指定記憶體帳戶相關聯的私人端點連線清單
|
|
properties.provisioningState
|
ProvisioningState
|
取得呼叫作業時記憶體帳戶的狀態。
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
允許、不允許或允許網路安全性周邊設定評估記憶體帳戶的公用網路存取權。
|
|
properties.routingPreference
|
RoutingPreference
|
維護使用者選擇進行數據傳輸的網路路由選擇相關信息
|
|
properties.sasPolicy
|
SasPolicy
|
指派給記憶體帳戶的 SasPolicy。
|
|
properties.secondaryEndpoints
|
Endpoints
|
取得用來從記憶體帳戶次要位置擷取公用 Blob、佇列或數據表物件的 URL。 只有在 SKU 名稱是Standard_RAGRS時才可使用。
|
|
properties.secondaryLocation
|
string
|
取得記憶體帳戶異地復寫次要資料庫的位置。 只有在 accountType 是Standard_GRS或Standard_RAGRS時才可使用。
|
|
properties.statusOfPrimary
|
AccountStatus
|
取得狀態,指出記憶體帳戶的主要位置是否可用或無法使用。
|
|
properties.statusOfSecondary
|
AccountStatus
|
取得狀態,指出記憶體帳戶的次要位置是否可用或無法使用。 只有在 SKU 名稱是Standard_GRS或Standard_RAGRS時才可使用。
|
|
properties.storageAccountSkuConversionStatus
|
StorageAccountSkuConversionStatus
|
這個屬性是 readOnly,而且是在異步記憶體帳戶 SKU 轉換作業期間由伺服器設定。
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
如果設定為 true,則只允許 HTTPs 流量到記憶體服務。
|
|
sku
|
Sku
|
取得 SKU。
|
|
tags
|
object
|
資源標籤。
|
|
type
|
string
|
資源的型別。 例如“Microsoft.Compute/virtualMachines” 或 “Microsoft.Storage/storageAccounts”
|
StorageAccountInternetEndpoints
用來透過因特網路由端點擷取公用 Blob、檔案、Web 或 dfs 物件的 URI。
| 名稱 |
類型 |
Description |
|
blob
|
string
|
取得 Blob 端點。
|
|
dfs
|
string
|
取得 dfs 端點。
|
|
file
|
string
|
取得檔案端點。
|
|
web
|
string
|
取得 Web 端點。
|
StorageAccountMicrosoftEndpoints
用來透過 Microsoft 路由端點擷取公用 Blob、佇列、數據表、Web 或 dfs 物件的 URI。
| 名稱 |
類型 |
Description |
|
blob
|
string
|
取得 Blob 端點。
|
|
dfs
|
string
|
取得 dfs 端點。
|
|
file
|
string
|
取得檔案端點。
|
|
queue
|
string
|
取得佇列端點。
|
|
table
|
string
|
取得數據表端點。
|
|
web
|
string
|
取得 Web 端點。
|
StorageAccountSkuConversionStatus
這會定義異步 SKU 轉換的 SKU 轉換狀態物件。
| 名稱 |
類型 |
Description |
|
endTime
|
string
|
這個屬性代表 SKU 轉換結束時間。
|
|
skuConversionStatus
|
SkuConversionStatus
|
這個屬性表示目前的 SKU 轉換狀態。
|
|
startTime
|
string
|
此屬性代表 SKU 轉換開始時間。
|
|
targetSkuName
|
SkuName
|
這個屬性代表以異步方式轉換帳戶 SKU 的目標 SKU 名稱。
|
StorageAccountUpdateParameters
更新記憶體帳戶屬性時所提供的參數。
| 名稱 |
類型 |
Description |
|
identity
|
Identity
|
資源的身分識別。
|
|
kind
|
Kind
|
自選。 指出記憶體帳戶的類型。 目前只有伺服器支援的 StorageV2 值。
|
|
properties.accessTier
|
AccessTier
|
類型 = BlobStorage 的記憶體帳戶需要 。 存取層用於計費。 「進階」存取層是進階區塊 Blob 記憶體帳戶類型的預設值,而且無法變更進階區塊 Blob 記憶體帳戶類型。
|
|
properties.allowBlobPublicAccess
|
boolean
|
允許或不允許公用存取記憶體帳戶中的所有 Blob 或容器。 此屬性的默認解譯為 false。
|
|
properties.allowCrossTenantReplication
|
boolean
|
允許或不允許跨 AAD 租使用者物件複寫。 只有當物件復寫策略將涉及不同 AAD 租使用者的記憶體帳戶時,才將此屬性設定為 true。 根據預設,新帳戶預設會遵循最佳安全性作法的默認解譯為 false。
|
|
properties.allowSharedKeyAccess
|
boolean
|
指出記憶體帳戶是否允許透過共用密鑰使用帳戶存取金鑰授權要求。 如果為 false,則所有要求,包括共用存取簽章,都必須獲得 Azure Active Directory (Azure AD) 的授權。 默認值為 null,相當於 true。
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
限制從 AAD 租使用者內的記憶體帳戶,或使用相同 VNet 的私人連結來回復制。
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
提供 Azure 檔案記憶體的身分識別型驗證設定。
|
|
properties.customDomain
|
CustomDomain
|
使用者指派給記憶體帳戶的自定義網域。 名稱是 CNAME 來源。 目前每個記憶體帳戶只支援一個自定義網域。 若要清除現有的自定義網域,請使用自定義功能變數名稱屬性的空字串。
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
布爾值旗標,指出預設驗證是否為 OAuth。 此屬性的默認解譯為 false。
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
可讓您指定端點的類型。 將此設定為 AzureDNSZone 以在單一訂用帳戶中建立大量帳戶,這會在 Azure DNS 區域中建立帳戶,而端點 URL 將會有英數位元 DNS 區域標識符。
|
|
properties.enableExtendedGroups
|
boolean
|
如果設定為 true,則啟用本機使用者功能的擴充群組支援
|
|
properties.encryption
|
Encryption
|
不適用。 預設會為所有記憶體帳戶啟用待用 Azure 記憶體加密,且無法停用。
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
屬性是不可變的,而且只能在帳戶建立期間設定為 true。 設定為 true 時,預設會啟用帳戶中所有容器的物件層級不變性。
|
|
properties.isLocalUserEnabled
|
boolean
|
如果設定為 true,則啟用本機使用者功能
|
|
properties.isSftpEnabled
|
boolean
|
如果設定為 true,則啟用安全檔案傳輸通訊協定
|
|
properties.keyPolicy
|
KeyPolicy
|
指派給記憶體帳戶的 KeyPolicy。
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
如果設定為 [已啟用],則允許大型檔案共用。 一旦啟用,就無法停用它。
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
將要求對記憶體的要求設定為允許的最低 TLS 版本。 此屬性的預設解譯為 TLS 1.0。
|
|
properties.networkAcls
|
NetworkRuleSet
|
網路規則集
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
允許、不允許或允許網路安全性周邊設定評估記憶體帳戶的公用網路存取權。 值為選擇性值,但如果傳入,必須是 'Enabled'、'Disabled' 或 'SecuredByPerimeter'。
|
|
properties.routingPreference
|
RoutingPreference
|
維護使用者選擇進行數據傳輸的網路路由選擇相關信息
|
|
properties.sasPolicy
|
SasPolicy
|
指派給記憶體帳戶的 SasPolicy。
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
如果設定為 true,則只允許 HTTPs 流量到記憶體服務。
|
|
sku
|
Sku
|
取得或設定 SKU 名稱。 請注意,SKU 名稱無法更新為Standard_ZRS、Premium_LRS或Premium_ZRS,也無法將這些 SKU 名稱的帳戶更新為任何其他值。
|
|
tags
|
object
|
取得或設定描述資源的索引鍵值組清單。 這些標籤可用於檢視和群組此資源(跨資源群組)。 最多可為資源提供15個標籤。 每個標記的長度必須不超過 128 個字元,且長度不超過 256 個字元的值。
|
UserAssignedIdentity
資源的 UserAssignedIdentity。
| 名稱 |
類型 |
Description |
|
clientId
|
string
|
身分識別的用戶端識別碼。
|
|
principalId
|
string
|
身分識別的主體標識碼。
|
VirtualNetworkRule
虛擬網路規則。
| 名稱 |
類型 |
預設值 |
Description |
|
action
|
Action
|
Allow
|
虛擬網路規則的動作。
|
|
id
|
string
|
|
子網的資源標識符,例如:/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}。
|
|
state
|
State
|
|
取得虛擬網路規則的狀態。
|