A operação de atualização pode ser utilizada para atualizar o SKU, a encriptação, a camada de acesso ou as etiquetas de uma conta de armazenamento. Também pode ser utilizado para mapear a conta para um domínio personalizado. Apenas um domínio personalizado é suportado por conta de armazenamento; a substituição/alteração do domínio personalizado não é suportada. Para substituir um domínio personalizado antigo, o valor antigo tem de ser limpo/não registado antes de ser possível definir um novo valor. A atualização de várias propriedades é suportada. Esta chamada não altera as chaves de armazenamento da conta. Se quiser alterar as chaves da conta de armazenamento, utilize a operação de regeneração de chaves. A localização e o nome da conta de armazenamento não podem ser alterados após a criação.
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2023-01-01
Parâmetros do URI
Name |
Em |
Necessário |
Tipo |
Description |
accountName
|
path |
True
|
string
|
O nome da conta de armazenamento no grupo de recursos especificado. Os nomes das contas de armazenamento têm de ter entre 3 e 24 carateres de comprimento e utilizar apenas números e letras minúsculas.
Regex pattern: ^[a-z0-9]+$
|
resourceGroupName
|
path |
True
|
string
|
O nome do grupo de recursos na subscrição do utilizador. O nome não é sensível a maiúsculas e minúsculas.
Regex pattern: ^[-\w\._\(\)]+$
|
subscriptionId
|
path |
True
|
string
|
O ID da subscrição de destino.
|
api-version
|
query |
True
|
string
|
A versão da API a utilizar para esta operação.
|
Corpo do Pedido
Name |
Tipo |
Description |
identity
|
Identity
|
A identidade do recurso.
|
kind
|
Kind
|
Opcional. Indica o tipo de conta de armazenamento. Atualmente, apenas o valor StorageV2 é suportado pelo servidor.
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento em que kind = BlobStorage. A camada de acesso é utilizada para faturação. A camada de acesso "Premium" é o valor predefinido para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou não permitir o acesso público a todos os blobs ou contentores na conta de armazenamento. A interpretação predefinida é falsa para esta propriedade.
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou não permitir a replicação de objetos de inquilino do AAD. Defina esta propriedade como verdadeira para contas novas ou existentes apenas se as políticas de replicação de objetos irão envolver contas de armazenamento em inquilinos do AAD diferentes. A interpretação predefinida é falsa para que as novas contas sigam as melhores práticas de segurança por predefinição.
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que os pedidos sejam autorizados com a chave de acesso da conta através da Chave Partilhada. Se for falso, todos os pedidos, incluindo assinaturas de acesso partilhado, têm de ser autorizados com o Azure Active Directory (Azure AD). O valor predefinido é nulo, o que é equivalente a verdadeiro.
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restringir a cópia de e para Contas de Armazenamento num inquilino do AAD ou com Ligações Privadas para a mesma VNet.
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as definições de autenticação baseada em identidade para Ficheiros do Azure.
|
properties.customDomain
|
CustomDomain
|
Domínio personalizado atribuído à conta de armazenamento pelo utilizador. O nome é a origem CNAME. Neste momento, só é suportado um domínio personalizado por conta de armazenamento. Para limpar o domínio personalizado existente, utilize uma cadeia vazia para a propriedade de nome de domínio personalizado.
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booleano que indica se a autenticação predefinida é ou não OAuth. A interpretação predefinida é falsa para esta propriedade.
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite-lhe especificar o tipo de ponto final. Defina esta opção como AzureDNSZone para criar um grande número de contas numa única subscrição, o que cria contas numa Zona DNS do Azure e o URL do ponto final terá um identificador de Zona DNS alfanumérica.
|
properties.encryption
|
Encryption
|
Não aplicável. A encriptação de Armazenamento do Azure inativa está ativada por predefinição para todas as contas de armazenamento e não pode ser desativada.
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como verdadeira no momento da criação da conta. Quando definido como verdadeiro, ativa a imutabilidade ao nível do objeto para todos os contentores na conta por predefinição.
|
properties.isLocalUserEnabled
|
boolean
|
Ativa a funcionalidade de utilizadores locais, se definida como verdadeira
|
properties.isSftpEnabled
|
boolean
|
Ativa o Protocolo de Transferência de Ficheiros Seguro, se definido como verdadeiro
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permitir partilhas de ficheiros grandes se estiver configurada como Ativada. Não pode ser desativada depois de estar ativada.
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida nos pedidos de armazenamento. A interpretação predefinida é TLS 1.0 para esta propriedade.
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir ou não permitir o acesso da rede pública à Conta de Armazenamento. O valor é opcional, mas se for transmitido, tem de ser "Ativado" ou "Desativado".
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de encaminhamento de rede que o utilizador optou pela transferência de dados
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuída à conta de armazenamento.
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite tráfego https apenas para o serviço de armazenamento se for definido como verdadeiro.
|
sku
|
Sku
|
Obtém ou define o nome do SKU. Tenha em atenção que o nome do SKU não pode ser atualizado para Standard_ZRS, Premium_LRS ou Premium_ZRS, nem as contas desses nomes de SKU podem ser atualizadas para qualquer outro valor.
|
tags
|
object
|
Obtém ou define uma lista de pares chave-valor que descrevem o recurso. Estas etiquetas podem ser utilizadas para ver e agrupar este recurso (entre grupos de recursos). Pode ser fornecido um máximo de 15 etiquetas para um recurso. Cada etiqueta não tem de ter uma chave com um comprimento superior a 128 carateres e um valor não maior em comprimento do que 256 carateres.
|
Respostas
Name |
Tipo |
Description |
200 OK
|
StorageAccount
|
OK – as propriedades da conta de armazenamento foram atualizadas com êxito.
|
Segurança
azure_auth
Fluxo OAuth2 do Azure Active Directory
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name |
Description |
user_impersonation
|
representar a sua conta de utilizador
|
Exemplos
StorageAccountEnableAD
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-01-01
{
"properties": {
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
}
}
}
import com.azure.resourcemanager.storage.models.ActiveDirectoryProperties;
import com.azure.resourcemanager.storage.models.ActiveDirectoryPropertiesAccountType;
import com.azure.resourcemanager.storage.models.AzureFilesIdentityBasedAuthentication;
import com.azure.resourcemanager.storage.models.DirectoryServiceOptions;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableAD.json
*/
/**
* Sample code: StorageAccountEnableAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withAzureFilesIdentityBasedAuthentication(
new AzureFilesIdentityBasedAuthentication().withDirectoryServiceOptions(DirectoryServiceOptions.AD)
.withActiveDirectoryProperties(new ActiveDirectoryProperties().withDomainName("adtest.com")
.withNetBiosDomainName("adtest.com").withForestName("adtest.com")
.withDomainGuid("aebfc118-9fa9-4732-a21f-d98e41a77ae1")
.withDomainSid("S-1-5-21-2400535526-2334094090-2402026252")
.withAzureStorageSid("S-1-5-21-2400535526-2334094090-2402026252-0012")
.withSamAccountName("sam12498").withAccountType(ActiveDirectoryPropertiesAccountType.USER))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_ad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"azureFilesIdentityBasedAuthentication": {
"activeDirectoryProperties": {
"accountType": "User",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainName": "adtest.com",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"forestName": "adtest.com",
"netBiosDomainName": "adtest.com",
"samAccountName": "sam12498",
},
"directoryServiceOptions": "AD",
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableAD.json
func ExampleAccountsClient_Update_storageAccountEnableAd() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
DomainName: to.Ptr("adtest.com"),
DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
ForestName: to.Ptr("adtest.com"),
NetBiosDomainName: to.Ptr("adtest.com"),
SamAccountName: to.Ptr("sam12498"),
},
DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
// ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
// AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
// AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
// DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
// DomainName: to.Ptr("adtest.com"),
// DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
// ForestName: to.Ptr("adtest.com"),
// NetBiosDomainName: to.Ptr("adtest.com"),
// SamAccountName: to.Ptr("sam12498"),
// },
// DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
// },
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableAD.json
*/
async function storageAccountEnableAd() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
azureFilesIdentityBasedAuthentication: {
activeDirectoryProperties: {
accountType: "User",
azureStorageSid: "S-1-5-21-2400535526-2334094090-2402026252-0012",
domainGuid: "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
domainName: "adtest.com",
domainSid: "S-1-5-21-2400535526-2334094090-2402026252",
forestName: "adtest.com",
netBiosDomainName: "adtest.com",
samAccountName: "sam12498",
},
directoryServiceOptions: "AD",
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountEnableCMK
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-01-01
{
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableCMK.json
*/
/**
* Sample code: StorageAccountEnableCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableCMK(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableCMK.json
func ExampleAccountsClient_Update_storageAccountEnableCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeSystemAssigned),
// PrincipalID: to.Ptr("911871cc-ffd1-4fc4-ac11-7a316433ea66"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountEnableCMK.json
*/
async function storageAccountEnableCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
encryption: {
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"identity": {
"principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"type": "SystemAssigned"
},
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdate
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-01-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdate.json
*/
/**
* Sample code: StorageAccountUpdate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20)).withIsSftpEnabled(true)
.withIsLocalUserEnabled(true)
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isLocalUserEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdate.json
func ExampleAccountsClient_Update_storageAccountUpdate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsLocalUserEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsLocalUserEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdate.json
*/
async function storageAccountUpdate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isLocalUserEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateAllowedCopyScopeToAAD
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-01-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/
* StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
/**
* Sample code: StorageAccountUpdateAllowedCopyScopeToAAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateAllowedCopyScopeToAAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withAllowedCopyScope(AllowedCopyScope.AAD),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_allowed_copy_scope_to_aad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
func ExampleAccountsClient_Update_storageAccountUpdateAllowedCopyScopeToAad() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
async function storageAccountUpdateAllowedCopyScopeToAad() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "AAD",
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateDisablePublicNetworkAccess
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-01-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled"
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/
* StorageAccountUpdateDisablePublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountUpdateDisablePublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateDisablePublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withPublicNetworkAccess(PublicNetworkAccess.DISABLED),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_disable_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
func ExampleAccountsClient_Update_storageAccountUpdateDisablePublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
*/
async function storageAccountUpdateDisablePublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
publicNetworkAccess: "Disabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-01-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/
* StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedEncryptionIdentityWithCMK(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9101", "sto4445",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_encryption_identity_with_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9101", "sto4445", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
async function storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res131918/providers/Microsoft.Storage/storageAccounts/sto131918?api-version=2023-01-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/
* StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res131918",
"sto131918",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")
.withEncryptionFederatedIdentityClientId("3109d1c4-a5de-4d84-8832-feabb916a4b6"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_identity_with_federated_identity_client_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res131918",
account_name="sto131918",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res131918", "sto131918", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
async function storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res131918";
const accountName = "sto131918";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionFederatedIdentityClientId: "3109d1c4-a5de-4d84-8832-feabb916a4b6",
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateWithImmutabilityPolicy
Sample Request
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-01-01
{
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
}
}
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyProperties;
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyState;
import com.azure.resourcemanager.storage.models.ImmutableStorageAccount;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/** Samples for StorageAccounts Update. */
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/
* StorageAccountUpdateWithImmutabilityPolicy.json
*/
/**
* Sample code: StorageAccountUpdateWithImmutabilityPolicy.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateWithImmutabilityPolicy(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withImmutableStorageWithVersioning(new ImmutableStorageAccount().withEnabled(true)
.withImmutabilityPolicy(new AccountImmutabilityPolicyProperties()
.withImmutabilityPeriodSinceCreationInDays(15)
.withState(AccountImmutabilityPolicyState.LOCKED).withAllowProtectedAppendWrites(true))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_with_immutability_policy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"immutableStorageWithVersioning": {
"enabled": True,
"immutabilityPolicy": {
"allowProtectedAppendWrites": True,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Locked",
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
func ExampleAccountsClient_Update_storageAccountUpdateWithImmutabilityPolicy() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
Enabled: to.Ptr(true),
ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
AllowProtectedAppendWrites: to.Ptr(true),
ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
// Enabled: to.Ptr(true),
// ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
// AllowProtectedAppendWrites: to.Ptr(true),
// ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
// State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
// },
// },
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
*/
async function storageAccountUpdateWithImmutabilityPolicy() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
immutableStorageWithVersioning: {
enabled: true,
immutabilityPolicy: {
allowProtectedAppendWrites: true,
immutabilityPeriodSinceCreationInDays: 15,
state: "Locked",
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
Definições
Name |
Description |
AccessTier
|
Necessário para contas de armazenamento em que kind = BlobStorage. A camada de acesso é utilizada para faturação. A camada de acesso "Premium" é o valor predefinido do tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
AccountImmutabilityPolicyProperties
|
Isto define as propriedades da política de imutabilidade ao nível da conta.
|
AccountImmutabilityPolicyState
|
O estado ImmutabilityPolicy define o modo da política. O estado desativado desativa a política, o estado Desbloqueado permite aumentar e diminuir o tempo de retenção de imutabilidade e também permite alternar a propriedade allowProtectedAppendWrites, o estado Bloqueado permite apenas o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada num estado Desativado ou Desbloqueado e pode ser alternada entre os dois estados. Apenas uma política num estado Desbloqueado pode transitar para um estado Bloqueado que não pode ser revertido.
|
AccountStatus
|
Obtém o estado que indica se a localização primária da conta de armazenamento está disponível ou indisponível.
|
AccountType
|
Especifica o tipo de conta do Active Directory para o Armazenamento do Azure.
|
Action
|
A ação da regra de rede virtual.
|
ActiveDirectoryProperties
|
Definições de propriedades do Active Directory (AD).
|
AllowedCopyScope
|
Restringir a cópia de e para Contas de Armazenamento num inquilino do AAD ou com Ligações Privadas para a mesma VNet.
|
AzureFilesIdentityBasedAuthentication
|
Definições para Ficheiros do Azure autenticação baseada em identidade.
|
BlobRestoreParameters
|
Parâmetros de restauro de blobs
|
BlobRestoreProgressStatus
|
O estado do progresso do restauro de blobs. Os valores possíveis são: - InProgress: indica que o restauro do blob está em curso. - Concluído: indica que o restauro do blob foi concluído com êxito. - Falha: indica que o restauro do blob falhou.
|
BlobRestoreRange
|
Intervalo de blobs
|
BlobRestoreStatus
|
Estado do restauro de blobs.
|
Bypass
|
Especifica se o tráfego é ignorado para Registo/Métricas/AzureServices. Os valores possíveis são qualquer combinação de Registo|Métricas|AzureServices (por exemplo, "Registo, Métricas" ou Nenhum para ignorar nenhum desses tráfegos.
|
CustomDomain
|
O domínio personalizado atribuído a esta conta de armazenamento. Isto pode ser definido através de Atualização.
|
DefaultAction
|
Especifica a ação predefinida de permitir ou negar quando nenhuma outra regra corresponde.
|
DefaultSharePermission
|
Permissão de partilha predefinida para utilizadores que utilizem a autenticação Kerberos se a função RBAC não estiver atribuída.
|
DirectoryServiceOptions
|
Indica o serviço de diretório utilizado. Tenha em atenção que esta enum pode ser expandida no futuro.
|
DnsEndpointType
|
Permite-lhe especificar o tipo de ponto final. Defina esta opção como AzureDNSZone para criar um grande número de contas numa única subscrição, o que cria contas numa Zona DNS do Azure e o URL do ponto final terá um identificador de Zona DNS alfanumérico.
|
Encryption
|
As definições de encriptação na conta de armazenamento.
|
EncryptionIdentity
|
Identidade de encriptação para a conta de armazenamento.
|
EncryptionService
|
Um serviço que permite a utilização da encriptação do lado do servidor.
|
EncryptionServices
|
Uma lista de serviços que suportam a encriptação.
|
Endpoints
|
Os URIs que são utilizados para efetuar uma obtenção de um objeto de blob, fila, tabela, web ou dfs públicos.
|
ExpirationAction
|
A ação de expiração de SAS. Só pode ser Registo.
|
ExtendedLocation
|
O tipo complexo da localização expandida.
|
ExtendedLocationTypes
|
O tipo de localização expandida.
|
GeoReplicationStats
|
Estatísticas relacionadas com a replicação dos serviços Blob, Tabela, Fila e Ficheiro da conta de armazenamento. Só está disponível quando a replicação georredundante está ativada para a conta de armazenamento.
|
GeoReplicationStatus
|
O estado da localização secundária. Os valores possíveis são: - Em direto: indica que a localização secundária está ativa e operacional. - Bootstrap: indica que a sincronização inicial da localização primária para a localização secundária está em curso. Normalmente, isto ocorre quando a replicação é ativada pela primeira vez. - Indisponível: indica que a localização secundária está temporariamente indisponível.
|
Identity
|
Identidade do recurso.
|
IdentityType
|
O tipo de identidade.
|
ImmutableStorageAccount
|
Esta propriedade ativa e define a imutabilidade ao nível da conta. Ativar a funcionalidade ativa automaticamente o Controlo de Versões de Blobs.
|
IPRule
|
Regra ip com intervalo ip ou IP específico no formato CIDR.
|
KeyCreationTime
|
Tempo de criação das chaves da conta de armazenamento.
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
KeySource
|
A chave de encriptaçãoSource (fornecedor). Valores possíveis (não sensíveis a maiúsculas e minúsculas): Microsoft.Storage, Microsoft.Keyvault
|
KeyType
|
Tipo de chave de encriptação a utilizar para o serviço de encriptação. O tipo de chave "Conta" implica que será utilizada uma chave de encriptação no âmbito da conta. O tipo de chave "Serviço" implica que é utilizada uma chave de serviço predefinida.
|
KeyVaultProperties
|
Propriedades do cofre de chaves.
|
Kind
|
Indica o tipo de conta de armazenamento.
|
LargeFileSharesState
|
Permitir partilhas de ficheiros grandes se estiver configurada como Ativado. Não pode ser desativado depois de estar ativado.
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida nos pedidos para o armazenamento. A interpretação predefinida é TLS 1.0 para esta propriedade.
|
NetworkRuleSet
|
Conjunto de regras de rede
|
postFailoverRedundancy
|
O tipo de redundância da conta após a ativação pós-falha de uma conta ser efetuada.
|
postPlannedFailoverRedundancy
|
O tipo de redundância da conta após a ativação pós-falha de uma conta planeada ser efetuada.
|
PrivateEndpoint
|
O recurso do Ponto Final Privado.
|
PrivateEndpointConnection
|
O recurso Ligação de Ponto Final Privado.
|
PrivateEndpointConnectionProvisioningState
|
O estado de aprovisionamento atual.
|
PrivateEndpointServiceConnectionStatus
|
O estado da ligação do ponto final privado.
|
PrivateLinkServiceConnectionState
|
Uma coleção de informações sobre o estado da ligação entre o consumidor e o fornecedor do serviço.
|
ProvisioningState
|
Obtém o estado da conta de armazenamento no momento em que a operação foi chamada.
|
PublicNetworkAccess
|
Permitir ou não permitir o acesso da rede pública à Conta de Armazenamento. O valor é opcional, mas se for transmitido, tem de ser "Ativado" ou "Desativado".
|
ResourceAccessRule
|
Regra de Acesso a Recursos.
|
RoutingChoice
|
A Escolha de Encaminhamento define o tipo de encaminhamento de rede que o utilizador optou.
|
RoutingPreference
|
A preferência de encaminhamento define o tipo de rede, quer seja o encaminhamento da Microsoft ou da Internet a utilizar para fornecer os dados do utilizador. A opção predefinida é o encaminhamento da Microsoft
|
SasPolicy
|
SasPolicy atribuída à conta de armazenamento.
|
Sku
|
O SKU da conta de armazenamento.
|
SkuConversionStatus
|
Esta propriedade indica o estado de conversão do SKU atual.
|
SkuName
|
O nome do SKU. Necessário para a criação da conta; opcional para atualização. Tenha em atenção que em versões mais antigas, o nome do SKU chamava-se accountType.
|
SkuTier
|
O escalão de SKU. Isto baseia-se no nome do SKU.
|
State
|
Obtém o estado da regra de rede virtual.
|
StorageAccount
|
A conta de armazenamento.
|
StorageAccountInternetEndpoints
|
Os URIs utilizados para efetuar a obtenção de um objeto público de blob, ficheiro, Web ou dfs através de um ponto final de encaminhamento da Internet.
|
StorageAccountMicrosoftEndpoints
|
Os URIs utilizados para efetuar a obtenção de um objeto público de blob, fila, tabela, Web ou dfs através de um ponto final de encaminhamento da Microsoft.
|
StorageAccountSkuConversionStatus
|
Isto define o objeto de estado de conversão de sku para conversões de sku assíncronas.
|
StorageAccountUpdateParameters
|
Os parâmetros que podem ser fornecidos ao atualizar as propriedades da conta de armazenamento.
|
UserAssignedIdentity
|
UserAssignedIdentity para o recurso.
|
VirtualNetworkRule
|
Rede Virtual regra.
|
AccessTier
Necessário para contas de armazenamento em que kind = BlobStorage. A camada de acesso é utilizada para faturação. A camada de acesso "Premium" é o valor predefinido do tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
Name |
Tipo |
Description |
Cool
|
string
|
|
Hot
|
string
|
|
Premium
|
string
|
|
AccountImmutabilityPolicyProperties
Isto define as propriedades da política de imutabilidade ao nível da conta.
Name |
Tipo |
Description |
allowProtectedAppendWrites
|
boolean
|
Esta propriedade só pode ser alterada para políticas de retenção baseadas no tempo desativadas e desbloqueadas. Quando ativado, os novos blocos podem ser escritos num blob de acréscimo, mantendo a proteção e a conformidade de imutabilidade. Só podem ser adicionados novos blocos e os blocos existentes não podem ser modificados ou eliminados.
|
immutabilityPeriodSinceCreationInDays
|
integer
|
O período de imutabilidade dos blobs no contentor desde a criação da política, em dias.
|
state
|
AccountImmutabilityPolicyState
|
O estado ImmutabilityPolicy define o modo da política. O estado desativado desativa a política, o estado Desbloqueado permite aumentar e diminuir o tempo de retenção de imutabilidade e também permite a agregação da propriedade allowProtectedAppendWrites, o estado Bloqueado apenas permite o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada num estado Desativado ou Desbloqueado e pode ser alternada entre os dois estados. Apenas uma política num estado Desbloqueado pode transitar para um estado Bloqueado que não pode ser revertido.
|
AccountImmutabilityPolicyState
O estado ImmutabilityPolicy define o modo da política. O estado desativado desativa a política, o estado Desbloqueado permite aumentar e diminuir o tempo de retenção de imutabilidade e também permite alternar a propriedade allowProtectedAppendWrites, o estado Bloqueado permite apenas o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada num estado Desativado ou Desbloqueado e pode ser alternada entre os dois estados. Apenas uma política num estado Desbloqueado pode transitar para um estado Bloqueado que não pode ser revertido.
Name |
Tipo |
Description |
Disabled
|
string
|
|
Locked
|
string
|
|
Unlocked
|
string
|
|
AccountStatus
Obtém o estado que indica se a localização primária da conta de armazenamento está disponível ou indisponível.
Name |
Tipo |
Description |
available
|
string
|
|
unavailable
|
string
|
|
AccountType
Especifica o tipo de conta do Active Directory para o Armazenamento do Azure.
Name |
Tipo |
Description |
Computer
|
string
|
|
User
|
string
|
|
Action
A ação da regra de rede virtual.
Name |
Tipo |
Description |
Allow
|
string
|
|
ActiveDirectoryProperties
Definições de propriedades do Active Directory (AD).
Name |
Tipo |
Description |
accountType
|
AccountType
|
Especifica o tipo de conta do Active Directory para o Armazenamento do Azure.
|
azureStorageSid
|
string
|
Especifica o identificador de segurança (SID) do Armazenamento do Azure.
|
domainGuid
|
string
|
Especifica o GUID de domínio.
|
domainName
|
string
|
Especifica o domínio primário para o qual o servidor DNS do AD é autoritativo.
|
domainSid
|
string
|
Especifica o identificador de segurança (SID).
|
forestName
|
string
|
Especifica a floresta do Active Directory a obter.
|
netBiosDomainName
|
string
|
Especifica o nome de domínio NetBIOS.
|
samAccountName
|
string
|
Especifica o SAMAccountName do Active Directory para o Armazenamento do Azure.
|
AllowedCopyScope
Restringir a cópia de e para Contas de Armazenamento num inquilino do AAD ou com Ligações Privadas para a mesma VNet.
Name |
Tipo |
Description |
AAD
|
string
|
|
PrivateLink
|
string
|
|
AzureFilesIdentityBasedAuthentication
Definições para Ficheiros do Azure autenticação baseada em identidade.
Name |
Tipo |
Description |
activeDirectoryProperties
|
ActiveDirectoryProperties
|
Necessário se directoryServiceOptions for AD, opcional se forem AADKERB.
|
defaultSharePermission
|
DefaultSharePermission
|
Permissão de partilha predefinida para utilizadores que utilizem a autenticação Kerberos se a função RBAC não estiver atribuída.
|
directoryServiceOptions
|
DirectoryServiceOptions
|
Indica o serviço de diretório utilizado. Tenha em atenção que esta enumeração poderá ser prolongada no futuro.
|
BlobRestoreParameters
Parâmetros de restauro de blobs
Name |
Tipo |
Description |
blobRanges
|
BlobRestoreRange[]
|
Intervalos de blobs a restaurar.
|
timeToRestore
|
string
|
Restaure o blob para a hora especificada.
|
BlobRestoreProgressStatus
O estado do progresso do restauro de blobs. Os valores possíveis são: - InProgress: indica que o restauro do blob está em curso. - Concluído: indica que o restauro do blob foi concluído com êxito. - Falha: indica que o restauro do blob falhou.
Name |
Tipo |
Description |
Complete
|
string
|
|
Failed
|
string
|
|
InProgress
|
string
|
|
BlobRestoreRange
Intervalo de blobs
Name |
Tipo |
Description |
endRange
|
string
|
Intervalo de fim do blob. Isto é exclusivo. Vazio significa fim da conta.
|
startRange
|
string
|
Intervalo de início do blob. Isto é inclusivo. Vazio significa início da conta.
|
BlobRestoreStatus
Estado do restauro de blobs.
Name |
Tipo |
Description |
failureReason
|
string
|
Motivo da falha quando o restauro do blob falha.
|
parameters
|
BlobRestoreParameters
|
Parâmetros do pedido de restauro de blobs.
|
restoreId
|
string
|
ID para controlar o pedido de restauro de blobs.
|
status
|
BlobRestoreProgressStatus
|
O estado do progresso do restauro do blob. Os valores possíveis são: - InProgress: indica que o restauro do blob está em curso. - Concluído: indica que o restauro do blob foi concluído com êxito. - Falha: indica que o restauro do blob falhou.
|
Bypass
Especifica se o tráfego é ignorado para Registo/Métricas/AzureServices. Os valores possíveis são qualquer combinação de Registo|Métricas|AzureServices (por exemplo, "Registo, Métricas" ou Nenhum para ignorar nenhum desses tráfegos.
Name |
Tipo |
Description |
AzureServices
|
string
|
|
Logging
|
string
|
|
Metrics
|
string
|
|
None
|
string
|
|
CustomDomain
O domínio personalizado atribuído a esta conta de armazenamento. Isto pode ser definido através de Atualização.
Name |
Tipo |
Description |
name
|
string
|
Obtém ou define o nome de domínio personalizado atribuído à conta de armazenamento. O nome é a origem CNAME.
|
useSubDomainName
|
boolean
|
Indica se a validação indireta do CName está ativada. O valor predefinido é falso. Esta definição só deve ser definida em atualizações.
|
DefaultAction
Especifica a ação predefinida de permitir ou negar quando nenhuma outra regra corresponde.
Name |
Tipo |
Description |
Allow
|
string
|
|
Deny
|
string
|
|
DefaultSharePermission
Permissão de partilha predefinida para utilizadores que utilizem a autenticação Kerberos se a função RBAC não estiver atribuída.
Name |
Tipo |
Description |
None
|
string
|
|
StorageFileDataSmbShareContributor
|
string
|
|
StorageFileDataSmbShareElevatedContributor
|
string
|
|
StorageFileDataSmbShareReader
|
string
|
|
DirectoryServiceOptions
Indica o serviço de diretório utilizado. Tenha em atenção que esta enum pode ser expandida no futuro.
Name |
Tipo |
Description |
AADDS
|
string
|
|
AADKERB
|
string
|
|
AD
|
string
|
|
None
|
string
|
|
DnsEndpointType
Permite-lhe especificar o tipo de ponto final. Defina esta opção como AzureDNSZone para criar um grande número de contas numa única subscrição, o que cria contas numa Zona DNS do Azure e o URL do ponto final terá um identificador de Zona DNS alfanumérico.
Name |
Tipo |
Description |
AzureDnsZone
|
string
|
|
Standard
|
string
|
|
Encryption
As definições de encriptação na conta de armazenamento.
Name |
Tipo |
Valor Predefinido |
Description |
identity
|
EncryptionIdentity
|
|
A identidade a utilizar com a encriptação do lado do serviço inativa.
|
keySource
|
KeySource
|
Microsoft.Storage
|
A chave de encriptaçãoSource (fornecedor). Valores possíveis (não sensíveis a maiúsculas e minúsculas): Microsoft.Storage, Microsoft.Keyvault
|
keyvaultproperties
|
KeyVaultProperties
|
|
Propriedades fornecidas pelo cofre de chaves.
|
requireInfrastructureEncryption
|
boolean
|
|
Um booleano que indica se o serviço aplica ou não uma camada secundária de encriptação com chaves geridas pela plataforma para dados inativos.
|
services
|
EncryptionServices
|
|
Lista de serviços que suportam a encriptação.
|
EncryptionIdentity
Identidade de encriptação para a conta de armazenamento.
Name |
Tipo |
Description |
federatedIdentityClientId
|
string
|
ClientId da aplicação multi-inquilino a utilizar em conjunto com a identidade atribuída pelo utilizador para encriptação do lado do servidor de chaves geridas pelo cliente entre inquilinos na conta de armazenamento.
|
userAssignedIdentity
|
string
|
Identificador de recursos da identidade UserAssigned a associar à encriptação do lado do servidor na conta de armazenamento.
|
EncryptionService
Um serviço que permite a utilização da encriptação do lado do servidor.
Name |
Tipo |
Description |
enabled
|
boolean
|
Um booleano que indica se o serviço encripta ou não os dados à medida que são armazenados. A encriptação inativa está ativada por predefinição hoje e não pode ser desativada.
|
keyType
|
KeyType
|
Tipo de chave de encriptação a utilizar para o serviço de encriptação. O tipo de chave "Conta" implica que será utilizada uma chave de encriptação no âmbito da conta. O tipo de chave "Serviço" implica que é utilizada uma chave de serviço predefinida.
|
lastEnabledTime
|
string
|
Obtém uma estimativa aproximada da data/hora em que a encriptação foi ativada pela última vez pelo utilizador. Os dados são encriptados inativos por predefinição hoje e não podem ser desativados.
|
EncryptionServices
Uma lista de serviços que suportam a encriptação.
Name |
Tipo |
Description |
blob
|
EncryptionService
|
A função de encriptação do serviço de armazenamento de blobs.
|
file
|
EncryptionService
|
A função de encriptação do serviço de armazenamento de ficheiros.
|
queue
|
EncryptionService
|
A função de encriptação do serviço de armazenamento de filas.
|
table
|
EncryptionService
|
A função de encriptação do serviço de armazenamento de tabelas.
|
Endpoints
Os URIs que são utilizados para efetuar uma obtenção de um objeto de blob, fila, tabela, web ou dfs públicos.
Name |
Tipo |
Description |
blob
|
string
|
Obtém o ponto final do blob.
|
dfs
|
string
|
Obtém o ponto final dfs.
|
file
|
string
|
Obtém o ponto final do ficheiro.
|
internetEndpoints
|
StorageAccountInternetEndpoints
|
Obtém os pontos finais de armazenamento de encaminhamento da Internet
|
microsoftEndpoints
|
StorageAccountMicrosoftEndpoints
|
Obtém os pontos finais de armazenamento de encaminhamento da Microsoft.
|
queue
|
string
|
Obtém o ponto final da fila.
|
table
|
string
|
Obtém o ponto final da tabela.
|
web
|
string
|
Obtém o ponto final da Web.
|
ExpirationAction
A ação de expiração de SAS. Só pode ser Registo.
Name |
Tipo |
Description |
Log
|
string
|
|
ExtendedLocation
O tipo complexo da localização expandida.
Name |
Tipo |
Description |
name
|
string
|
O nome da localização expandida.
|
type
|
ExtendedLocationTypes
|
O tipo de localização expandida.
|
ExtendedLocationTypes
O tipo de localização expandida.
Name |
Tipo |
Description |
EdgeZone
|
string
|
|
GeoReplicationStats
Estatísticas relacionadas com a replicação dos serviços Blob, Tabela, Fila e Ficheiro da conta de armazenamento. Só está disponível quando a replicação georredundante está ativada para a conta de armazenamento.
Name |
Tipo |
Description |
canFailover
|
boolean
|
Um sinalizador booleano que indica se a ativação pós-falha da conta é ou não suportada para a conta.
|
canPlannedFailover
|
boolean
|
Um sinalizador booleano que indica se a ativação pós-falha da conta planeada é ou não suportada para a conta.
|
lastSyncTime
|
string
|
Todas as escritas primárias anteriores a este valor de data/hora UTC têm a garantia de estarem disponíveis para operações de leitura. As escritas primárias que se seguem a este ponto no tempo podem ou não estar disponíveis para leituras. O elemento pode ser o valor predefinido se o valor de LastSyncTime não estiver disponível, tal pode acontecer se o secundário estiver offline ou se estivermos no bootstrap.
|
postFailoverRedundancy
|
postFailoverRedundancy
|
O tipo de redundância da conta após a ativação pós-falha de uma conta ser efetuada.
|
postPlannedFailoverRedundancy
|
postPlannedFailoverRedundancy
|
O tipo de redundância da conta após a ativação pós-falha de uma conta planeada ser efetuada.
|
status
|
GeoReplicationStatus
|
O estado da localização secundária. Os valores possíveis são: - Em direto: indica que a localização secundária está ativa e operacional. - Bootstrap: indica que a sincronização inicial da localização primária para a localização secundária está em curso. Normalmente, isto ocorre quando a replicação é ativada pela primeira vez. - Indisponível: indica que a localização secundária está temporariamente indisponível.
|
GeoReplicationStatus
O estado da localização secundária. Os valores possíveis são: - Em direto: indica que a localização secundária está ativa e operacional. - Bootstrap: indica que a sincronização inicial da localização primária para a localização secundária está em curso. Normalmente, isto ocorre quando a replicação é ativada pela primeira vez. - Indisponível: indica que a localização secundária está temporariamente indisponível.
Name |
Tipo |
Description |
Bootstrap
|
string
|
|
Live
|
string
|
|
Unavailable
|
string
|
|
Identity
Identidade do recurso.
Name |
Tipo |
Description |
principalId
|
string
|
O ID principal da identidade do recurso.
|
tenantId
|
string
|
O ID de inquilino do recurso.
|
type
|
IdentityType
|
O tipo de identidade.
|
userAssignedIdentities
|
<string,
UserAssignedIdentity>
|
Obtém ou define uma lista de pares chave-valor que descrevem o conjunto de identidades Atribuídas pelo Utilizador que serão utilizadas com esta conta de armazenamento. A chave é o identificador do recurso arm da identidade. Só é permitida 1 identidade atribuída pelo utilizador aqui.
|
IdentityType
O tipo de identidade.
Name |
Tipo |
Description |
None
|
string
|
|
SystemAssigned
|
string
|
|
SystemAssigned,UserAssigned
|
string
|
|
UserAssigned
|
string
|
|
ImmutableStorageAccount
Esta propriedade ativa e define a imutabilidade ao nível da conta. Ativar a funcionalidade ativa automaticamente o Controlo de Versões de Blobs.
Name |
Tipo |
Description |
enabled
|
boolean
|
Um sinalizador booleano que permite a imutabilidade ao nível da conta. Todos os contentores nessa conta têm a imutabilidade ao nível do objeto ativada por predefinição.
|
immutabilityPolicy
|
AccountImmutabilityPolicyProperties
|
Especifica a política de imutabilidade ao nível da conta predefinida que é herdada e aplicada a objetos que não possuem uma política de imutabilidade explícita ao nível do objeto. A política de imutabilidade ao nível do objeto tem uma precedência superior à política de imutabilidade ao nível do contentor, que tem uma precedência superior à política de imutabilidade ao nível da conta.
|
IPRule
Regra ip com intervalo ip ou IP específico no formato CIDR.
Name |
Tipo |
Valor Predefinido |
Description |
action
|
Action
|
Allow
|
A ação da regra da ACL IP.
|
value
|
string
|
|
Especifica o intervalo IP ou IP no formato CIDR. Só é permitido o endereço IPV4.
|
KeyCreationTime
Tempo de criação das chaves da conta de armazenamento.
Name |
Tipo |
Description |
key1
|
string
|
|
key2
|
string
|
|
KeyPolicy
KeyPolicy atribuído à conta de armazenamento.
Name |
Tipo |
Description |
keyExpirationPeriodInDays
|
integer
|
O período de expiração da chave em dias.
|
KeySource
A chave de encriptaçãoSource (fornecedor). Valores possíveis (não sensíveis a maiúsculas e minúsculas): Microsoft.Storage, Microsoft.Keyvault
Name |
Tipo |
Description |
Microsoft.Keyvault
|
string
|
|
Microsoft.Storage
|
string
|
|
KeyType
Tipo de chave de encriptação a utilizar para o serviço de encriptação. O tipo de chave "Conta" implica que será utilizada uma chave de encriptação no âmbito da conta. O tipo de chave "Serviço" implica que é utilizada uma chave de serviço predefinida.
Name |
Tipo |
Description |
Account
|
string
|
|
Service
|
string
|
|
KeyVaultProperties
Propriedades do cofre de chaves.
Name |
Tipo |
Description |
currentVersionedKeyExpirationTimestamp
|
string
|
Esta é uma propriedade só de leitura que representa o tempo de expiração da versão atual da chave gerida pelo cliente utilizada para encriptação.
|
currentVersionedKeyIdentifier
|
string
|
O identificador de objeto da chave de Key Vault com versão atual em utilização.
|
keyname
|
string
|
O nome da chave KeyVault.
|
keyvaulturi
|
string
|
O URI de KeyVault.
|
keyversion
|
string
|
A versão da chave KeyVault.
|
lastKeyRotationTimestamp
|
string
|
Carimbo de data/hora da última rotação da Chave de Key Vault.
|
Kind
Indica o tipo de conta de armazenamento.
Name |
Tipo |
Description |
BlobStorage
|
string
|
|
BlockBlobStorage
|
string
|
|
FileStorage
|
string
|
|
Storage
|
string
|
|
StorageV2
|
string
|
|
LargeFileSharesState
Permitir partilhas de ficheiros grandes se estiver configurada como Ativado. Não pode ser desativado depois de estar ativado.
Name |
Tipo |
Description |
Disabled
|
string
|
|
Enabled
|
string
|
|
MinimumTlsVersion
Defina a versão mínima do TLS a ser permitida nos pedidos para o armazenamento. A interpretação predefinida é TLS 1.0 para esta propriedade.
Name |
Tipo |
Description |
TLS1_0
|
string
|
|
TLS1_1
|
string
|
|
TLS1_2
|
string
|
|
NetworkRuleSet
Conjunto de regras de rede
Name |
Tipo |
Valor Predefinido |
Description |
bypass
|
Bypass
|
AzureServices
|
Especifica se o tráfego é ignorado para Registo/Métricas/AzureServices. Os valores possíveis são qualquer combinação de Registo|Métricas|AzureServices (por exemplo, "Registo, Métricas" ou Nenhum para ignorar nenhum desses tráfegos.
|
defaultAction
|
DefaultAction
|
Allow
|
Especifica a ação predefinida de permitir ou negar quando não existem outras regras correspondentes.
|
ipRules
|
IPRule[]
|
|
Define as regras da ACL de IP
|
resourceAccessRules
|
ResourceAccessRule[]
|
|
Define as regras de acesso a recursos
|
virtualNetworkRules
|
VirtualNetworkRule[]
|
|
Define as regras de rede virtual
|
postFailoverRedundancy
O tipo de redundância da conta após a ativação pós-falha de uma conta ser efetuada.
Name |
Tipo |
Description |
Standard_LRS
|
string
|
|
Standard_ZRS
|
string
|
|
postPlannedFailoverRedundancy
O tipo de redundância da conta após a ativação pós-falha de uma conta planeada ser efetuada.
Name |
Tipo |
Description |
Standard_GRS
|
string
|
|
Standard_GZRS
|
string
|
|
Standard_RAGRS
|
string
|
|
Standard_RAGZRS
|
string
|
|
PrivateEndpoint
O recurso do Ponto Final Privado.
Name |
Tipo |
Description |
id
|
string
|
O identificador arm para o Ponto Final Privado
|
PrivateEndpointConnection
O recurso Ligação de Ponto Final Privado.
Name |
Tipo |
Description |
id
|
string
|
ID de recurso completamente qualificado para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
name
|
string
|
O nome do recurso
|
properties.privateEndpoint
|
PrivateEndpoint
|
O recurso do ponto final privado.
|
properties.privateLinkServiceConnectionState
|
PrivateLinkServiceConnectionState
|
Uma coleção de informações sobre o estado da ligação entre o consumidor e o fornecedor de serviços.
|
properties.provisioningState
|
PrivateEndpointConnectionProvisioningState
|
O estado de aprovisionamento do recurso de ligação de ponto final privado.
|
type
|
string
|
O tipo de recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
PrivateEndpointConnectionProvisioningState
O estado de aprovisionamento atual.
Name |
Tipo |
Description |
Creating
|
string
|
|
Deleting
|
string
|
|
Failed
|
string
|
|
Succeeded
|
string
|
|
PrivateEndpointServiceConnectionStatus
O estado da ligação do ponto final privado.
Name |
Tipo |
Description |
Approved
|
string
|
|
Pending
|
string
|
|
Rejected
|
string
|
|
PrivateLinkServiceConnectionState
Uma coleção de informações sobre o estado da ligação entre o consumidor e o fornecedor do serviço.
Name |
Tipo |
Description |
actionRequired
|
string
|
Uma mensagem a indicar se as alterações no fornecedor de serviços requerem atualizações no consumidor.
|
description
|
string
|
O motivo da aprovação/rejeição da ligação.
|
status
|
PrivateEndpointServiceConnectionStatus
|
Indica se a ligação foi Aprovada/Rejeitada/Removida pelo proprietário do serviço.
|
ProvisioningState
Obtém o estado da conta de armazenamento no momento em que a operação foi chamada.
Name |
Tipo |
Description |
Creating
|
string
|
|
ResolvingDNS
|
string
|
|
Succeeded
|
string
|
|
PublicNetworkAccess
Permitir ou não permitir o acesso da rede pública à Conta de Armazenamento. O valor é opcional, mas se for transmitido, tem de ser "Ativado" ou "Desativado".
Name |
Tipo |
Description |
Disabled
|
string
|
|
Enabled
|
string
|
|
ResourceAccessRule
Regra de Acesso a Recursos.
Name |
Tipo |
Description |
resourceId
|
string
|
ID do Recurso
|
tenantId
|
string
|
ID do Inquilino
|
RoutingChoice
A Escolha de Encaminhamento define o tipo de encaminhamento de rede que o utilizador optou.
Name |
Tipo |
Description |
InternetRouting
|
string
|
|
MicrosoftRouting
|
string
|
|
RoutingPreference
A preferência de encaminhamento define o tipo de rede, quer seja o encaminhamento da Microsoft ou da Internet a utilizar para fornecer os dados do utilizador. A opção predefinida é o encaminhamento da Microsoft
Name |
Tipo |
Description |
publishInternetEndpoints
|
boolean
|
Um sinalizador booleano que indica se os pontos finais de armazenamento de encaminhamento da Internet devem ser publicados
|
publishMicrosoftEndpoints
|
boolean
|
Um sinalizador booleano que indica se os pontos finais de armazenamento de encaminhamento da Microsoft devem ser publicados
|
routingChoice
|
RoutingChoice
|
A Escolha de Encaminhamento define o tipo de encaminhamento de rede que o utilizador optou.
|
SasPolicy
SasPolicy atribuída à conta de armazenamento.
Name |
Tipo |
Valor Predefinido |
Description |
expirationAction
|
ExpirationAction
|
Log
|
A ação de expiração de SAS. Só pode ser Log.
|
sasExpirationPeriod
|
string
|
|
O período de expiração de SAS, DD.HH:MM:SS.
|
Sku
O SKU da conta de armazenamento.
Name |
Tipo |
Description |
name
|
SkuName
|
O nome do SKU. Necessário para a criação da conta; opcional para atualização. Tenha em atenção que em versões mais antigas, o nome do SKU chamava-se accountType.
|
tier
|
SkuTier
|
O escalão de SKU. Isto baseia-se no nome do SKU.
|
SkuConversionStatus
Esta propriedade indica o estado de conversão do SKU atual.
Name |
Tipo |
Description |
Failed
|
string
|
|
InProgress
|
string
|
|
Succeeded
|
string
|
|
SkuName
O nome do SKU. Necessário para a criação da conta; opcional para atualização. Tenha em atenção que em versões mais antigas, o nome do SKU chamava-se accountType.
Name |
Tipo |
Description |
Premium_LRS
|
string
|
|
Premium_ZRS
|
string
|
|
Standard_GRS
|
string
|
|
Standard_GZRS
|
string
|
|
Standard_LRS
|
string
|
|
Standard_RAGRS
|
string
|
|
Standard_RAGZRS
|
string
|
|
Standard_ZRS
|
string
|
|
SkuTier
O escalão de SKU. Isto baseia-se no nome do SKU.
Name |
Tipo |
Description |
Premium
|
string
|
|
Standard
|
string
|
|
State
Obtém o estado da regra de rede virtual.
Name |
Tipo |
Description |
Deprovisioning
|
string
|
|
Failed
|
string
|
|
NetworkSourceDeleted
|
string
|
|
Provisioning
|
string
|
|
Succeeded
|
string
|
|
StorageAccount
A conta de armazenamento.
Name |
Tipo |
Description |
extendedLocation
|
ExtendedLocation
|
A extendedLocation do recurso.
|
id
|
string
|
ID de recurso completamente qualificado para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
identity
|
Identity
|
A identidade do recurso.
|
kind
|
Kind
|
Obtém o Tipo.
|
location
|
string
|
A localização geográfica onde reside o recurso
|
name
|
string
|
O nome do recurso
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento em que kind = BlobStorage. A camada de acesso é utilizada para faturação. A camada de acesso "Premium" é o valor predefinido para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
properties.accountMigrationInProgress
|
boolean
|
Se a migração da conta iniciada pelo cliente estiver em curso, o valor será verdadeiro caso contrário será nulo.
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou não permitir o acesso público a todos os blobs ou contentores na conta de armazenamento. A interpretação predefinida é falsa para esta propriedade.
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou não permitir a replicação de objetos de inquilino do AAD. Defina esta propriedade como verdadeira para contas novas ou existentes apenas se as políticas de replicação de objetos envolverem contas de armazenamento em diferentes inquilinos do AAD. A interpretação predefinida é falsa para as novas contas seguirem as melhores práticas de segurança por predefinição.
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que os pedidos sejam autorizados com a chave de acesso da conta através da Chave Partilhada. Se for falso, todos os pedidos, incluindo assinaturas de acesso partilhado, têm de ser autorizados com o Azure Active Directory (Azure AD). O valor predefinido é nulo, o que é equivalente a verdadeiro.
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restringir a cópia de e para Contas de Armazenamento num inquilino do AAD ou com Ligações Privadas para a mesma VNet.
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as definições de autenticação baseada em identidade para Ficheiros do Azure.
|
properties.blobRestoreStatus
|
BlobRestoreStatus
|
Estado do restauro do blob
|
properties.creationTime
|
string
|
Obtém a data e hora de criação da conta de armazenamento em UTC.
|
properties.customDomain
|
CustomDomain
|
Obtém o domínio personalizado que o utilizador atribui a esta conta de armazenamento.
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booleano que indica se a autenticação predefinida é ou não OAuth. A interpretação predefinida é falsa para esta propriedade.
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite-lhe especificar o tipo de ponto final. Defina esta opção como AzureDNSZone para criar um grande número de contas numa única subscrição, o que cria contas numa Zona DNS do Azure e o URL do ponto final terá um identificador de Zona DNS alfanumérico.
|
properties.encryption
|
Encryption
|
Definições de encriptação a utilizar para encriptação do lado do servidor para a conta de armazenamento.
|
properties.failoverInProgress
|
boolean
|
Se a ativação pós-falha estiver em curso, o valor será verdadeiro, caso contrário, será nulo.
|
properties.geoReplicationStats
|
GeoReplicationStats
|
Estatísticas de Georreplicação
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como verdadeira no momento da criação da conta. Quando definido como verdadeiro, ativa a imutabilidade ao nível do objeto para todos os contentores na conta por predefinição.
|
properties.isHnsEnabled
|
boolean
|
Account HierarchicalNamespace ativado se definido como verdadeiro.
|
properties.isLocalUserEnabled
|
boolean
|
Ativa a funcionalidade de utilizadores locais, se definida como verdadeira
|
properties.isNfsV3Enabled
|
boolean
|
Suporte do protocolo NFS 3.0 ativado se estiver definido como verdadeiro.
|
properties.isSftpEnabled
|
boolean
|
Ativa o Protocolo de Transferência de Ficheiros Seguro, se definido como verdadeiro
|
properties.isSkuConversionBlocked
|
boolean
|
Esta propriedade será definida como true ou false num evento de migração em curso. O valor predefinido é nulo.
|
properties.keyCreationTime
|
KeyCreationTime
|
Tempo de criação das chaves da conta de armazenamento.
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permitir partilhas de ficheiros grandes se estiver configurada como Ativada. Não pode ser desativada depois de estar ativada.
|
properties.lastGeoFailoverTime
|
string
|
Obtém o carimbo de data/hora da instância mais recente de uma ativação pós-falha para a localização secundária. Apenas o carimbo de data/hora mais recente é retido. Este elemento não é devolvido se nunca tiver havido uma instância de ativação pós-falha. Apenas disponível se o accountType for Standard_GRS ou Standard_RAGRS.
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida nos pedidos de armazenamento. A interpretação predefinida é TLS 1.0 para esta propriedade.
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
properties.primaryEndpoints
|
Endpoints
|
Obtém os URLs que são utilizados para efetuar a obtenção de um objeto público de blob, fila ou tabela. Tenha em atenção que Standard_ZRS e Premium_LRS contas devolvem apenas o ponto final do blob.
|
properties.primaryLocation
|
string
|
Obtém a localização do datacenter primário da conta de armazenamento.
|
properties.privateEndpointConnections
|
PrivateEndpointConnection[]
|
Lista de ligações de pontos finais privados associadas à conta de armazenamento especificada
|
properties.provisioningState
|
ProvisioningState
|
Obtém o estado da conta de armazenamento no momento em que a operação foi chamada.
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir ou não permitir o acesso de rede pública à Conta de Armazenamento. O valor é opcional, mas, se for transmitido, tem de ser "Ativado" ou "Desativado".
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de encaminhamento de rede que o utilizador optou pela transferência de dados
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuída à conta de armazenamento.
|
properties.secondaryEndpoints
|
Endpoints
|
Obtém os URLs que são utilizados para efetuar a obtenção de um objeto público de blob, fila ou tabela a partir da localização secundária da conta de armazenamento. Apenas disponível se o nome do SKU for Standard_RAGRS.
|
properties.secondaryLocation
|
string
|
Obtém a localização da secundária georreplicada para a conta de armazenamento. Apenas disponível se o accountType for Standard_GRS ou Standard_RAGRS.
|
properties.statusOfPrimary
|
AccountStatus
|
Obtém o estado que indica se a localização primária da conta de armazenamento está disponível ou indisponível.
|
properties.statusOfSecondary
|
AccountStatus
|
Obtém o estado que indica se a localização secundária da conta de armazenamento está disponível ou indisponível. Apenas disponível se o nome do SKU for Standard_GRS ou Standard_RAGRS.
|
properties.storageAccountSkuConversionStatus
|
StorageAccountSkuConversionStatus
|
Esta propriedade é readOnly e é definida pelo servidor durante operações de conversão de SKU da conta de armazenamento assíncrona.
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite tráfego https apenas para o serviço de armazenamento se for definido como verdadeiro.
|
sku
|
Sku
|
Obtém o SKU.
|
tags
|
object
|
Etiquetas de recursos.
|
type
|
string
|
O tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
StorageAccountInternetEndpoints
Os URIs utilizados para efetuar a obtenção de um objeto público de blob, ficheiro, Web ou dfs através de um ponto final de encaminhamento da Internet.
Name |
Tipo |
Description |
blob
|
string
|
Obtém o ponto final do blob.
|
dfs
|
string
|
Obtém o ponto final dfs.
|
file
|
string
|
Obtém o ponto final do ficheiro.
|
web
|
string
|
Obtém o ponto final Web.
|
StorageAccountMicrosoftEndpoints
Os URIs utilizados para efetuar a obtenção de um objeto público de blob, fila, tabela, Web ou dfs através de um ponto final de encaminhamento da Microsoft.
Name |
Tipo |
Description |
blob
|
string
|
Obtém o ponto final do blob.
|
dfs
|
string
|
Obtém o ponto final dfs.
|
file
|
string
|
Obtém o ponto final do ficheiro.
|
queue
|
string
|
Obtém o ponto final da fila.
|
table
|
string
|
Obtém o ponto final da tabela.
|
web
|
string
|
Obtém o ponto final Web.
|
StorageAccountSkuConversionStatus
Isto define o objeto de estado de conversão de sku para conversões de sku assíncronas.
Name |
Tipo |
Description |
endTime
|
string
|
Esta propriedade representa a hora de fim da conversão de SKU.
|
skuConversionStatus
|
SkuConversionStatus
|
Esta propriedade indica o estado de conversão do sku atual.
|
startTime
|
string
|
Esta propriedade representa a hora de início da conversão de SKU.
|
targetSkuName
|
SkuName
|
Esta propriedade representa o nome do SKU de destino para o qual o SKU da conta está a ser convertido de forma assíncrona.
|
StorageAccountUpdateParameters
Os parâmetros que podem ser fornecidos ao atualizar as propriedades da conta de armazenamento.
Name |
Tipo |
Description |
identity
|
Identity
|
A identidade do recurso.
|
kind
|
Kind
|
Opcional. Indica o tipo de conta de armazenamento. Atualmente, apenas o valor StorageV2 é suportado pelo servidor.
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento em que kind = BlobStorage. A camada de acesso é utilizada para faturação. A camada de acesso "Premium" é o valor predefinido para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou não permitir o acesso público a todos os blobs ou contentores na conta de armazenamento. A interpretação predefinida é falsa para esta propriedade.
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou não permitir a replicação de objetos de inquilino do AAD. Defina esta propriedade como verdadeira para contas novas ou existentes apenas se as políticas de replicação de objetos envolverem contas de armazenamento em diferentes inquilinos do AAD. A interpretação predefinida é falsa para as novas contas seguirem as melhores práticas de segurança por predefinição.
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que os pedidos sejam autorizados com a chave de acesso da conta através da Chave Partilhada. Se for falso, todos os pedidos, incluindo assinaturas de acesso partilhado, têm de ser autorizados com o Azure Active Directory (Azure AD). O valor predefinido é nulo, o que é equivalente a verdadeiro.
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restringir a cópia de e para Contas de Armazenamento num inquilino do AAD ou com Ligações Privadas para a mesma VNet.
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as definições de autenticação baseada em identidade para Ficheiros do Azure.
|
properties.customDomain
|
CustomDomain
|
Domínio personalizado atribuído à conta de armazenamento pelo utilizador. O nome é a origem CNAME. Neste momento, só é suportado um domínio personalizado por conta de armazenamento. Para limpar o domínio personalizado existente, utilize uma cadeia vazia para a propriedade de nome de domínio personalizado.
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booleano que indica se a autenticação predefinida é ou não OAuth. A interpretação predefinida é falsa para esta propriedade.
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite-lhe especificar o tipo de ponto final. Defina esta opção como AzureDNSZone para criar um grande número de contas numa única subscrição, o que cria contas numa Zona DNS do Azure e o URL do ponto final terá um identificador de Zona DNS alfanumérico.
|
properties.encryption
|
Encryption
|
Não aplicável. A encriptação de Armazenamento do Azure inativa está ativada por predefinição para todas as contas de armazenamento e não pode ser desativada.
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como verdadeira no momento da criação da conta. Quando definido como verdadeiro, ativa a imutabilidade ao nível do objeto para todos os contentores na conta por predefinição.
|
properties.isLocalUserEnabled
|
boolean
|
Ativa a funcionalidade de utilizadores locais, se definida como verdadeira
|
properties.isSftpEnabled
|
boolean
|
Ativa o Protocolo de Transferência de Ficheiros Seguro, se definido como verdadeiro
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permitir partilhas de ficheiros grandes se estiver configurada como Ativada. Não pode ser desativada depois de estar ativada.
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida nos pedidos de armazenamento. A interpretação predefinida é TLS 1.0 para esta propriedade.
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir ou não permitir o acesso de rede pública à Conta de Armazenamento. O valor é opcional, mas, se for transmitido, tem de ser "Ativado" ou "Desativado".
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de encaminhamento de rede que o utilizador optou pela transferência de dados
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuída à conta de armazenamento.
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite tráfego https apenas para o serviço de armazenamento se for definido como verdadeiro.
|
sku
|
Sku
|
Obtém ou define o nome do SKU. Tenha em atenção que o nome do SKU não pode ser atualizado para Standard_ZRS, Premium_LRS ou Premium_ZRS, nem as contas desses nomes de SKU podem ser atualizadas para qualquer outro valor.
|
tags
|
object
|
Obtém ou define uma lista de pares chave-valor que descrevem o recurso. Estas etiquetas podem ser utilizadas para ver e agrupar este recurso (entre grupos de recursos). Pode ser fornecido um máximo de 15 etiquetas para um recurso. Cada etiqueta não tem de ter uma chave com um comprimento superior a 128 carateres e um valor não maior em comprimento do que 256 carateres.
|
UserAssignedIdentity
UserAssignedIdentity para o recurso.
Name |
Tipo |
Description |
clientId
|
string
|
O ID de cliente da identidade.
|
principalId
|
string
|
O ID principal da identidade.
|
VirtualNetworkRule
Rede Virtual regra.
Name |
Tipo |
Valor Predefinido |
Description |
action
|
Action
|
Allow
|
A ação da regra de rede virtual.
|
id
|
string
|
|
ID de recurso de uma sub-rede, por exemplo: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
|
state
|
State
|
|
Obtém o estado da regra de rede virtual.
|