A operação de atualização pode ser usada para atualizar a SKU, a criptografia, a camada de acesso ou as tags de uma conta de armazenamento. Ele também pode ser usado para mapear a conta para um domínio personalizado. Apenas um domínio personalizado é suportado por conta de armazenamento; A substituição/alteração de domínio personalizado não é suportada. Para substituir um domínio personalizado antigo, o valor antigo deve ser limpo/não registrado antes que um novo valor possa ser definido. A atualização de várias propriedades é suportada. Esta chamada não altera as chaves de armazenamento da conta. Se quiser alterar as chaves da conta de armazenamento, use a operação regenerar chaves. O local e o nome da conta de armazenamento não podem ser alterados após a criação.
PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2023-05-01
Parâmetros do URI
| Name |
Em |
Necessário |
Tipo |
Description |
|
accountName
|
path |
True
|
string
|
O nome da conta de armazenamento dentro do grupo de recursos especificado. Os nomes das contas de armazenamento devem ter entre 3 e 24 caracteres e usar apenas números e letras minúsculas.
Padrão Regex: ^[a-z0-9]+$
|
|
resourceGroupName
|
path |
True
|
string
|
O nome do grupo de recursos dentro da assinatura do usuário. O nome não diferencia maiúsculas de minúsculas.
Padrão Regex: ^[-\w\._\(\)]+$
|
|
subscriptionId
|
path |
True
|
string
|
A ID da assinatura de destino.
|
|
api-version
|
query |
True
|
string
|
A versão da API a ser usada para esta operação.
|
Corpo do Pedido
| Name |
Tipo |
Description |
|
identity
|
Identity
|
A identidade do recurso.
|
|
kind
|
Kind
|
Opcional. Indica o tipo de conta de armazenamento. Atualmente, apenas o valor StorageV2 suportado pelo servidor.
|
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento onde kind = BlobStorage. A camada de acesso é usada para faturamento. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de bloco premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de bloco premium.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou não permitir o acesso público a todos os blobs ou contêineres na conta de armazenamento. A interpretação padrão é falsa para esta propriedade.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou não permitir replicação de objeto de locatário entre AAD. Defina essa propriedade como true para contas novas ou existentes somente se as políticas de replicação de objetos envolverem contas de armazenamento em diferentes locatários do AAD. A interpretação padrão é falsa para que novas contas sigam as melhores práticas de segurança por padrão.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que as solicitações sejam autorizadas com a chave de acesso da conta por meio da Chave Compartilhada. Se false, todas as solicitações, incluindo assinaturas de acesso compartilhado, devem ser autorizadas com o Azure Ative Directory (Azure AD). O valor padrão é null, que é equivalente a true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrinja a cópia de e para Contas de Armazenamento dentro de um locatário do AAD ou com Links Privados para a mesma VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as configurações de autenticação baseada em identidade para Arquivos do Azure.
|
|
properties.customDomain
|
CustomDomain
|
Domínio personalizado atribuído à conta de armazenamento pelo usuário. Nome é a fonte CNAME. Apenas um domínio personalizado é suportado por conta de armazenamento no momento. Para limpar o domínio personalizado existente, use uma cadeia de caracteres vazia para a propriedade de nome de domínio personalizado.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booleano que indica se a autenticação padrão é OAuth ou não. A interpretação padrão é falsa para esta propriedade.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite especificar o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador alfanumérico de Zona DNS.
|
|
properties.enableExtendedGroups
|
boolean
|
Habilita o suporte estendido a grupos com o recurso de usuários locais, se definido como true
|
|
properties.encryption
|
Encryption
|
Não aplicável. A criptografia do Armazenamento do Azure em repouso é habilitada por padrão para todas as contas de armazenamento e não pode ser desabilitada.
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como true no momento da criação da conta. Quando definido como true, ele habilita a imutabilidade no nível do objeto para todos os contêineres na conta por padrão.
|
|
properties.isLocalUserEnabled
|
boolean
|
Habilita o recurso de usuários locais, se definido como true
|
|
properties.isSftpEnabled
|
boolean
|
Habilita o Protocolo de Transferência Segura de Arquivos, se definido como true
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permita compartilhamentos de arquivos grandes se definido como Habilitado. Ele não pode ser desativado uma vez que está ativado.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para esta propriedade.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir a configuração do Perímetro de Segurança de Rede para avaliar o acesso à rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser 'Enabled', 'Disabled' ou 'SecuredByPerimeter'.
|
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de roteamento de rede escolhida pelo usuário para transferência de dados
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite tráfego https somente para o serviço de armazenamento se definido como true.
|
|
sku
|
Sku
|
Obtém ou define o nome da SKU. Observe que o nome SKU não pode ser atualizado para Standard_ZRS, Premium_LRS ou Premium_ZRS, nem as contas desses nomes de SKU podem ser atualizadas para qualquer outro valor.
|
|
tags
|
object
|
Obtém ou define uma lista de pares de valores de chave que descrevem o recurso. Essas tags podem ser usadas para visualizar e agrupar esse recurso (entre grupos de recursos). Um máximo de 15 tags podem ser fornecidas para um recurso. Cada tag deve ter uma chave de comprimento não superior a 128 caracteres e um valor não superior a 256 caracteres.
|
Respostas
| Name |
Tipo |
Description |
|
200 OK
|
StorageAccount
|
OK -- propriedades da conta de armazenamento atualizadas com êxito.
|
Segurança
azure_auth
Azure Ative Directory OAuth2 Flow
Tipo:
oauth2
Fluxo:
implicit
URL de Autorização:
https://login.microsoftonline.com/common/oauth2/authorize
Âmbitos
| Name |
Description |
|
user_impersonation
|
personificar a sua conta de utilizador
|
Exemplos
StorageAccountEnableAD
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
}
}
}
import com.azure.resourcemanager.storage.models.ActiveDirectoryProperties;
import com.azure.resourcemanager.storage.models.ActiveDirectoryPropertiesAccountType;
import com.azure.resourcemanager.storage.models.AzureFilesIdentityBasedAuthentication;
import com.azure.resourcemanager.storage.models.DirectoryServiceOptions;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
*/
/**
* Sample code: StorageAccountEnableAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withAzureFilesIdentityBasedAuthentication(
new AzureFilesIdentityBasedAuthentication().withDirectoryServiceOptions(DirectoryServiceOptions.AD)
.withActiveDirectoryProperties(new ActiveDirectoryProperties().withDomainName("adtest.com")
.withNetBiosDomainName("adtest.com").withForestName("adtest.com")
.withDomainGuid("aebfc118-9fa9-4732-a21f-d98e41a77ae1")
.withDomainSid("S-1-5-21-2400535526-2334094090-2402026252")
.withAzureStorageSid("S-1-5-21-2400535526-2334094090-2402026252-0012")
.withSamAccountName("sam12498").withAccountType(ActiveDirectoryPropertiesAccountType.USER))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_ad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"azureFilesIdentityBasedAuthentication": {
"activeDirectoryProperties": {
"accountType": "User",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainName": "adtest.com",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"forestName": "adtest.com",
"netBiosDomainName": "adtest.com",
"samAccountName": "sam12498",
},
"directoryServiceOptions": "AD",
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
func ExampleAccountsClient_Update_storageAccountEnableAd() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
DomainName: to.Ptr("adtest.com"),
DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
ForestName: to.Ptr("adtest.com"),
NetBiosDomainName: to.Ptr("adtest.com"),
SamAccountName: to.Ptr("sam12498"),
},
DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AzureFilesIdentityBasedAuthentication: &armstorage.AzureFilesIdentityBasedAuthentication{
// ActiveDirectoryProperties: &armstorage.ActiveDirectoryProperties{
// AccountType: to.Ptr(armstorage.ActiveDirectoryPropertiesAccountTypeUser),
// AzureStorageSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252-0012"),
// DomainGUID: to.Ptr("aebfc118-9fa9-4732-a21f-d98e41a77ae1"),
// DomainName: to.Ptr("adtest.com"),
// DomainSid: to.Ptr("S-1-5-21-2400535526-2334094090-2402026252"),
// ForestName: to.Ptr("adtest.com"),
// NetBiosDomainName: to.Ptr("adtest.com"),
// SamAccountName: to.Ptr("sam12498"),
// },
// DirectoryServiceOptions: to.Ptr(armstorage.DirectoryServiceOptionsAD),
// },
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
*/
async function storageAccountEnableAd() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
azureFilesIdentityBasedAuthentication: {
activeDirectoryProperties: {
accountType: "User",
azureStorageSid: "S-1-5-21-2400535526-2334094090-2402026252-0012",
domainGuid: "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
domainName: "adtest.com",
domainSid: "S-1-5-21-2400535526-2334094090-2402026252",
forestName: "adtest.com",
netBiosDomainName: "adtest.com",
samAccountName: "sam12498",
},
directoryServiceOptions: "AD",
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableAD.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
AzureFilesIdentityBasedAuthentication = new FilesIdentityBasedAuthentication(DirectoryServiceOption.AD)
{
ActiveDirectoryProperties = new StorageActiveDirectoryProperties("adtest.com", Guid.Parse("aebfc118-9fa9-4732-a21f-d98e41a77ae1"))
{
NetBiosDomainName = "adtest.com",
ForestName = "adtest.com",
DomainSid = "S-1-5-21-2400535526-2334094090-2402026252",
AzureStorageSid = "S-1-5-21-2400535526-2334094090-2402026252-0012",
SamAccountName = "sam12498",
AccountType = ActiveDirectoryAccountType.User,
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"azureFilesIdentityBasedAuthentication": {
"directoryServiceOptions": "AD",
"activeDirectoryProperties": {
"domainName": "adtest.com",
"netBiosDomainName": "adtest.com",
"forestName": "adtest.com",
"domainGuid": "aebfc118-9fa9-4732-a21f-d98e41a77ae1",
"domainSid": "S-1-5-21-2400535526-2334094090-2402026252",
"azureStorageSid": "S-1-5-21-2400535526-2334094090-2402026252-0012",
"samAccountName": "sam12498",
"accountType": "User"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountEnableCMK
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
*/
/**
* Sample code: StorageAccountEnableCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountEnableCMK(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters().withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_enable_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"encryption": {
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
func ExampleAccountsClient_Update_storageAccountEnableCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeSystemAssigned),
// PrincipalID: to.Ptr("911871cc-ffd1-4fc4-ac11-7a316433ea66"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
*/
async function storageAccountEnableCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
encryption: {
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountEnableCMK.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"identity": {
"principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"type": "SystemAssigned"
},
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"creationTime": "2017-06-01T02:42:41.7633306Z",
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
}
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/"
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdate
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"enableExtendedGroups": true,
"defaultToOAuthAuthentication": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
}
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
*/
/**
* Sample code: StorageAccountUpdate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20)).withIsSftpEnabled(true)
.withIsLocalUserEnabled(true).withEnableExtendedGroups(true)
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"enableExtendedGroups": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isLocalUserEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
func ExampleAccountsClient_Update_storageAccountUpdate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
EnableExtendedGroups: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsLocalUserEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// EnableExtendedGroups: to.Ptr(true),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsLocalUserEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
*/
async function storageAccountUpdate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
enableExtendedGroups: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isLocalUserEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdate.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
IsSftpEnabled = true,
IsLocalUserEnabled = true,
IsExtendedGroupEnabled = true,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"isSftpEnabled": true,
"isLocalUserEnabled": true,
"enableExtendedGroups": true,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateAllowedCopyScopeToAAD
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
/**
* Sample code: StorageAccountUpdateAllowedCopyScopeToAAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateAllowedCopyScopeToAAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withAllowedCopyScope(AllowedCopyScope.AAD),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_allowed_copy_scope_to_aad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
func ExampleAccountsClient_Update_storageAccountUpdateAllowedCopyScopeToAad() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
*/
async function storageAccountUpdateAllowedCopyScopeToAad() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "AAD",
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateAllowedCopyScopeToAAD.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
AllowedCopyScope = AllowedCopyScope.Aad,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"allowedCopyScope": "AAD",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateDisablePublicNetworkAccess
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"defaultAction": "Allow"
},
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled"
}
}
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.ResourceAccessRule;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateDisablePublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountUpdateDisablePublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateDisablePublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod("1.15:59:59").withExpirationAction(ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withNetworkRuleSet(new NetworkRuleSet().withResourceAccessRules(Arrays.asList(
new ResourceAccessRule().withTenantId("72f988bf-86f1-41af-91ab-2d7cd011db47").withResourceId(
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace")))
.withDefaultAction(DefaultAction.ALLOW))
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withPublicNetworkAccess(PublicNetworkAccess.DISABLED),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_disable_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"networkAcls": {
"defaultAction": "Allow",
"resourceAccessRules": [
{
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
}
],
},
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
func ExampleAccountsClient_Update_storageAccountUpdateDisablePublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
NetworkRuleSet: &armstorage.NetworkRuleSet{
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
ResourceAccessRules: []*armstorage.ResourceAccessRule{
{
ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
}},
},
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-06-01T02:42:41.763Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// ResourceAccessRules: []*armstorage.ResourceAccessRule{
// {
// ResourceID: to.Ptr("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
// TenantID: to.Ptr("72f988bf-86f1-41af-91ab-2d7cd011db47"),
// }},
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto8596.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto8596-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto8596-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto8596-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto8596-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto8596-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto8596-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto8596.queue.core.windows.net/"),
// Table: to.Ptr("https://sto8596.table.core.windows.net/"),
// Web: to.Ptr("https://sto8596.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2(stage)"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("northcentralus(stage)"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
*/
async function storageAccountUpdateDisablePublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
keyPolicy: { keyExpirationPeriodInDays: 20 },
minimumTlsVersion: "TLS1_2",
networkRuleSet: {
defaultAction: "Allow",
resourceAccessRules: [
{
resourceId:
"/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace",
tenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47",
},
],
},
publicNetworkAccess: "Disabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateDisablePublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
ResourceAccessRules =
{
new StorageAccountResourceAccessRule()
{
TenantId = Guid.Parse("72f988bf-86f1-41af-91ab-2d7cd011db47"),
ResourceId = new ResourceIdentifier("/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"),
}
},
},
RoutingPreference = new StorageRoutingPreference()
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
PublicNetworkAccess = StoragePublicNetworkAccess.Disabled,
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"sasPolicy": {
"sasExpirationPeriod": "1.15:59:59",
"expirationAction": "Log"
},
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"isHnsEnabled": true,
"allowBlobPublicAccess": false,
"minimumTlsVersion": "TLS1_2",
"allowSharedKeyAccess": true,
"creationTime": "2017-06-01T02:42:41.7633306Z",
"networkAcls": {
"resourceAccessRules": [
{
"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
}
],
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"web": "https://sto8596.web.core.windows.net/",
"dfs": "https://sto8596.dfs.core.windows.net/",
"blob": "https://sto8596.blob.core.windows.net/",
"file": "https://sto8596.file.core.windows.net/",
"queue": "https://sto8596.queue.core.windows.net/",
"table": "https://sto8596.table.core.windows.net/",
"microsoftEndpoints": {
"web": "https://sto8596-microsoftrouting.web.core.windows.net/",
"dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
"blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
"file": "https://sto8596-microsoftrouting.file.core.windows.net/",
"queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
"table": "https://sto8596-microsoftrouting.table.core.windows.net/"
},
"internetEndpoints": {
"web": "https://sto8596-internetrouting.web.core.windows.net/",
"dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
"blob": "https://sto8596-internetrouting.blob.core.windows.net/",
"file": "https://sto8596-internetrouting.file.core.windows.net/"
}
},
"primaryLocation": "eastus2(stage)",
"provisioningState": "Succeeded",
"routingPreference": {
"routingChoice": "MicrosoftRouting",
"publishMicrosoftEndpoints": true,
"publishInternetEndpoints": true
},
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
},
"keySource": "Microsoft.Storage"
},
"publicNetworkAccess": "Disabled",
"secondaryLocation": "northcentralus(stage)",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedEncryptionIdentityWithCMK(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res9101", "sto4445",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_encryption_identity_with_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9101", "sto4445", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
*/
async function storageAccountUpdateUserAssignedEncryptionIdentityWithCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
string accountName = "sto4445";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Sku = new StorageSku(StorageSkuName.StandardLrs),
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Kind = StorageKind.Storage,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res131918/providers/Microsoft.Storage/storageAccounts/sto131918?api-version=2023-05-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": ""
},
"keySource": "Microsoft.Keyvault",
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
}
}
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
/**
* Sample code: StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().updateWithResponse("res131918",
"sto131918",
new StorageAccountUpdateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withKind(Kind.STORAGE)
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")
.withEncryptionFederatedIdentityClientId("3109d1c4-a5de-4d84-8832-feabb916a4b6"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_user_assigned_identity_with_federated_identity_client_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res131918",
account_name="sto131918",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
func ExampleAccountsClient_Update_storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res131918", "sto131918", armstorage.AccountUpdateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Properties: &armstorage.AccountPropertiesUpdateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionFederatedIdentityClientID: to.Ptr("3109d1c4-a5de-4d84-8832-feabb916a4b6"),
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
async function storageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res131918";
const accountName = "sto131918";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionFederatedIdentityClientId: "3109d1c4-a5de-4d84-8832-feabb916a4b6",
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateUserAssignedIdentityWithFederatedIdentityClientId.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res131918";
string accountName = "sto131918";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
Sku = new StorageSku(StorageSkuName.StandardLrs),
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity(),
},
},
Kind = StorageKind.Storage,
Encryption = new StorageAccountEncryption()
{
Services = new StorageAccountEncryptionServices()
{
Blob = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService()
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties()
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity()
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
EncryptionFederatedIdentityClientId = "3109d1c4-a5de-4d84-8832-feabb916a4b6",
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"identity": {
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
}
},
"type": "UserAssigned"
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"location": "eastus",
"tags": {},
"properties": {
"privateEndpointConnections": [],
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
"federatedIdentityClientId": "3109d1c4-a5de-4d84-8832-feabb916a4b6"
},
"keyvaultproperties": {
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyname": "wrappingKey",
"keyversion": "",
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"file": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"blob": {
"keyType": "Account",
"enabled": true,
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
},
"keySource": "Microsoft.Keyvault"
},
"accessTier": "Hot",
"provisioningState": "Succeeded",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"primaryEndpoints": {
"web": "https://sto4445.web.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"blob": "https://sto4445.blob.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/"
},
"primaryLocation": "eastus",
"statusOfPrimary": "available"
}
}
StorageAccountUpdateWithImmutabilityPolicy
Pedido de amostra
PATCH https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596?api-version=2023-05-01
{
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
}
}
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyProperties;
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyState;
import com.azure.resourcemanager.storage.models.ImmutableStorageAccount;
import com.azure.resourcemanager.storage.models.StorageAccountUpdateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Update.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/
* StorageAccountUpdateWithImmutabilityPolicy.json
*/
/**
* Sample code: StorageAccountUpdateWithImmutabilityPolicy.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountUpdateWithImmutabilityPolicy(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.updateWithResponse("res9407", "sto8596",
new StorageAccountUpdateParameters()
.withImmutableStorageWithVersioning(new ImmutableStorageAccount().withEnabled(true)
.withImmutabilityPolicy(new AccountImmutabilityPolicyProperties()
.withImmutabilityPeriodSinceCreationInDays(15)
.withState(AccountImmutabilityPolicyState.LOCKED).withAllowProtectedAppendWrites(true))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from typing import Any, IO, Union
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_update_with_immutability_policy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.update(
resource_group_name="res9407",
account_name="sto8596",
parameters={
"properties": {
"immutableStorageWithVersioning": {
"enabled": True,
"immutabilityPolicy": {
"allowProtectedAppendWrites": True,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Locked",
},
}
}
},
)
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/220ad9c6554fc7d6d10a89bdb441c1e3b36e3285/specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
func ExampleAccountsClient_Update_storageAccountUpdateWithImmutabilityPolicy() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAccountsClient().Update(ctx, "res9407", "sto8596", armstorage.AccountUpdateParameters{
Properties: &armstorage.AccountPropertiesUpdateParameters{
ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
Enabled: to.Ptr(true),
ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
AllowProtectedAppendWrites: to.Ptr(true),
ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
},
},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto8596"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596"),
// Location: to.Ptr("eastus2(stage)"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
// Enabled: to.Ptr(true),
// ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
// AllowProtectedAppendWrites: to.Ptr(true),
// ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
// State: to.Ptr(armstorage.AccountImmutabilityPolicyStateLocked),
// },
// },
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
*
* @summary The update operation can be used to update the SKU, encryption, access tier, or tags for a storage account. It can also be used to map the account to a custom domain. Only one custom domain is supported per storage account; the replacement/change of custom domain is not supported. In order to replace an old custom domain, the old value must be cleared/unregistered before a new value can be set. The update of multiple properties is supported. This call does not change the storage keys for the account. If you want to change the storage account keys, use the regenerate keys operation. The location and name of the storage account cannot be changed after creation.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
*/
async function storageAccountUpdateWithImmutabilityPolicy() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9407";
const accountName = "sto8596";
const parameters = {
immutableStorageWithVersioning: {
enabled: true,
immutabilityPolicy: {
allowProtectedAppendWrites: true,
immutabilityPeriodSinceCreationInDays: 15,
state: "Locked",
},
},
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.update(resourceGroupName, accountName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2023-05-01/examples/StorageAccountUpdateWithImmutabilityPolicy.json
// this example is just showing the usage of "StorageAccounts_Update" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://video2.skills-academy.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this StorageAccountResource created on azure
// for more information of creating StorageAccountResource, please refer to the document of StorageAccountResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9407";
string accountName = "sto8596";
ResourceIdentifier storageAccountResourceId = StorageAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);
StorageAccountResource storageAccount = client.GetStorageAccountResource(storageAccountResourceId);
// invoke the operation
StorageAccountPatch patch = new StorageAccountPatch()
{
ImmutableStorageWithVersioning = new ImmutableStorageAccount()
{
IsEnabled = true,
ImmutabilityPolicy = new AccountImmutabilityPolicy()
{
ImmutabilityPeriodSinceCreationInDays = 15,
State = AccountImmutabilityPolicyState.Locked,
AllowProtectedAppendWrites = true,
},
},
};
StorageAccountResource result = await storageAccount.UpdateAsync(patch);
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta da amostra
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
"kind": "Storage",
"location": "eastus2(stage)",
"name": "sto8596",
"properties": {
"immutableStorageWithVersioning": {
"immutabilityPolicy": {
"immutabilityPeriodSinceCreationInDays": 15,
"allowProtectedAppendWrites": true,
"state": "Locked"
},
"enabled": true
}
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"type": "Microsoft.Storage/storageAccounts"
}
Definições
| Name |
Description |
|
AccessTier
|
Necessário para contas de armazenamento onde kind = BlobStorage. A camada de acesso é usada para faturamento. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de bloco premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de bloco premium.
|
|
AccountImmutabilityPolicyProperties
|
Isso define as propriedades da política de imutabilidade no nível da conta.
|
|
AccountImmutabilityPolicyState
|
O estado ImmutabilityPolicy define o modo da política. O estado desativado desativa a política, o estado desbloqueado permite o aumento e a diminuição do tempo de retenção de imutabilidade e também permite alternar a propriedade allowProtectedAppendWrites, o estado bloqueado só permite o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada no estado Desativado ou Desbloqueado e pode ser alternada entre os dois estados. Somente uma política em um estado Desbloqueado pode fazer a transição para um estado Bloqueado que não pode ser revertido.
|
|
AccountStatus
|
Obtém o status que indica se o local principal da conta de armazenamento está disponível ou indisponível.
|
|
AccountType
|
Especifica o tipo de conta do Ative Directory para o Armazenamento do Azure.
|
|
Action
|
A ação da regra de rede virtual.
|
|
ActiveDirectoryProperties
|
Propriedades de configurações para o Ative Directory (AD).
|
|
AllowedCopyScope
|
Restrinja a cópia de e para Contas de Armazenamento dentro de um locatário do AAD ou com Links Privados para a mesma VNet.
|
|
AzureFilesIdentityBasedAuthentication
|
Configurações para autenticação baseada em identidade dos Arquivos do Azure.
|
|
BlobRestoreParameters
|
Parâmetros de restauração de blob
|
|
BlobRestoreProgressStatus
|
O status do progresso de restauração de blob. Os valores possíveis são: - InProgress: indica que a restauração de blob está em andamento. - Completo: Indica que a restauração do blob foi concluída com êxito. - Falha: Indica que a restauração do blob falhou.
|
|
BlobRestoreRange
|
Intervalo de Blob
|
|
BlobRestoreStatus
|
Status de restauração de Blob.
|
|
Bypass
|
Especifica se o tráfego é ignorado para Logging/Metrics/AzureServices. Os valores possíveis são qualquer combinação de Logging|Métricas|AzureServices (por exemplo, "Logging, Metrics") ou Nenhum para ignorar nenhum desses tráfegos.
|
|
CustomDomain
|
O domínio personalizado atribuído a esta conta de armazenamento. Isso pode ser definido via Update.
|
|
DefaultAction
|
Especifica a ação padrão de permitir ou negar quando nenhuma outra regra corresponder.
|
|
DefaultSharePermission
|
Permissão de compartilhamento padrão para usuários que usam a autenticação Kerberos se a função RBAC não estiver atribuída.
|
|
DirectoryServiceOptions
|
Indica o serviço de diretório usado. Note-se que este enum pode ser estendido no futuro.
|
|
DnsEndpointType
|
Permite especificar o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador alfanumérico de Zona DNS.
|
|
Encryption
|
As configurações de criptografia na conta de armazenamento.
|
|
EncryptionIdentity
|
Identidade de criptografia para a conta de armazenamento.
|
|
EncryptionService
|
Um serviço que permite o uso de criptografia do lado do servidor.
|
|
EncryptionServices
|
Uma lista de serviços que suportam encriptação.
|
|
Endpoints
|
Os URIs que são usados para executar uma recuperação de um blob público, fila, tabela, web ou objeto dfs.
|
|
ExpirationAction
|
A ação de expiração SAS define a ação a ser executada quando sasPolicy.sasExpirationPeriod é violado. A ação 'Log' pode ser usada para fins de auditoria e a ação 'Bloquear' pode ser usada para bloquear e negar o uso de tokens SAS que não aderem ao período de expiração da política sas.
|
|
ExtendedLocation
|
O tipo complexo do local estendido.
|
|
ExtendedLocationTypes
|
O tipo de local estendido.
|
|
GeoReplicationStats
|
Estatísticas relacionadas à replicação para os serviços Blob, Tabela, Fila e Arquivo da conta de armazenamento. Ele só está disponível quando a replicação com redundância geográfica está habilitada para a conta de armazenamento.
|
|
GeoReplicationStatus
|
O status do local secundário. Os valores possíveis são: - Live: Indica que o local secundário está ativo e operacional. - Bootstrap: Indica que a sincronização inicial do local primário para o local secundário está em andamento. Isso normalmente ocorre quando a replicação é habilitada pela primeira vez. - Indisponível: Indica que o local secundário está temporariamente indisponível.
|
|
Identity
|
Identidade do recurso.
|
|
IdentityType
|
O tipo de identidade.
|
|
ImmutableStorageAccount
|
Essa propriedade habilita e define a imutabilidade no nível da conta. A ativação do recurso habilita automaticamente o Controle de Versão de Blob.
|
|
IPRule
|
Regra de IP com IP específico ou intervalo de IP no formato CIDR.
|
|
KeyCreationTime
|
Tempo de criação das chaves da conta de armazenamento.
|
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
KeySource
|
A chave de criptografiaSource (provedor). Valores possíveis (sem distinção entre maiúsculas e minúsculas): Microsoft.Storage, Microsoft.Keyvault
|
|
KeyType
|
Tipo de chave de criptografia a ser usada para o serviço de criptografia. O tipo de chave 'Conta' implica que será utilizada uma chave de encriptação com âmbito de conta. O tipo de chave 'Serviço' implica que é utilizada uma chave de serviço predefinida.
|
|
KeyVaultProperties
|
Propriedades do cofre de chaves.
|
|
Kind
|
Indica o tipo de conta de armazenamento.
|
|
LargeFileSharesState
|
Permita compartilhamentos de arquivos grandes se definido como Habilitado. Ele não pode ser desativado uma vez que está ativado.
|
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para esta propriedade.
|
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
postFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta.
|
|
postPlannedFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta planejado.
|
|
PrivateEndpoint
|
O recurso Ponto Final Privado.
|
|
PrivateEndpointConnection
|
O recurso Private Endpoint Connection.
|
|
PrivateEndpointConnectionProvisioningState
|
O estado de provisionamento atual.
|
|
PrivateEndpointServiceConnectionStatus
|
O status da conexão de ponto de extremidade privado.
|
|
PrivateLinkServiceConnectionState
|
Uma recolha de informações sobre o estado da ligação entre o consumidor e o prestador de serviços.
|
|
ProvisioningState
|
Obtém o status da conta de armazenamento no momento em que a operação foi chamada.
|
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir a configuração do Perímetro de Segurança de Rede para avaliar o acesso à rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser 'Enabled', 'Disabled' ou 'SecuredByPerimeter'.
|
|
ResourceAccessRule
|
Regra de Acesso a Recursos.
|
|
RoutingChoice
|
A opção de roteamento define o tipo de roteamento de rede escolhido pelo usuário.
|
|
RoutingPreference
|
Preferência de roteamento define o tipo de rede, seja microsoft ou roteamento de internet a ser usado para entregar os dados do usuário, a opção padrão é roteamento microsoft
|
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
Sku
|
O SKU da conta de armazenamento.
|
|
SkuConversionStatus
|
Esta propriedade indica o status atual de conversão de sku.
|
|
SkuName
|
O nome SKU. Necessário para a criação de conta; opcional para atualização. Observe que, em versões mais antigas, o nome da SKU era chamado accountType.
|
|
SkuTier
|
A camada de SKU. Isso é baseado no nome SKU.
|
|
State
|
Obtém o estado da regra de rede virtual.
|
|
StorageAccount
|
A conta de armazenamento.
|
|
StorageAccountInternetEndpoints
|
Os URIs que são usados para executar uma recuperação de um blob público, arquivo, web ou objeto dfs por meio de um ponto de extremidade de roteamento da Internet.
|
|
StorageAccountMicrosoftEndpoints
|
Os URIs que são usados para executar uma recuperação de um blob público, fila, tabela, web ou objeto dfs por meio de um ponto de extremidade de roteamento da Microsoft.
|
|
StorageAccountSkuConversionStatus
|
Isso define o objeto de status de conversão de sku para conversões de sku assíncronas.
|
|
StorageAccountUpdateParameters
|
Os parâmetros que podem ser fornecidos ao atualizar as propriedades da conta de armazenamento.
|
|
UserAssignedIdentity
|
UserAssignedIdentity para o recurso.
|
|
VirtualNetworkRule
|
Regra de Rede Virtual.
|
AccessTier
Necessário para contas de armazenamento onde kind = BlobStorage. A camada de acesso é usada para faturamento. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de bloco premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de bloco premium.
| Name |
Tipo |
Description |
|
Cold
|
string
|
|
|
Cool
|
string
|
|
|
Hot
|
string
|
|
|
Premium
|
string
|
|
AccountImmutabilityPolicyProperties
Isso define as propriedades da política de imutabilidade no nível da conta.
| Name |
Tipo |
Description |
|
allowProtectedAppendWrites
|
boolean
|
Essa propriedade só pode ser alterada para políticas de retenção com base no tempo desabilitadas e desbloqueadas. Quando habilitados, novos blocos podem ser gravados em um blob de acréscimo, mantendo a proteção e a conformidade da imutabilidade. Apenas novos blocos podem ser adicionados e quaisquer blocos existentes não podem ser modificados ou excluídos.
|
|
immutabilityPeriodSinceCreationInDays
|
integer
|
O período de imutabilidade para os blobs no contêiner desde a criação da política, em dias.
|
|
state
|
AccountImmutabilityPolicyState
|
O estado ImmutabilityPolicy define o modo da política. O estado desativado desativa a política, o estado desbloqueado permite o aumento e a diminuição do tempo de retenção de imutabilidade e também permite alternar a propriedade allowProtectedAppendWrites, o estado bloqueado só permite o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada no estado Desativado ou Desbloqueado e pode ser alternada entre os dois estados. Somente uma política em um estado Desbloqueado pode fazer a transição para um estado Bloqueado que não pode ser revertido.
|
AccountImmutabilityPolicyState
O estado ImmutabilityPolicy define o modo da política. O estado desativado desativa a política, o estado desbloqueado permite o aumento e a diminuição do tempo de retenção de imutabilidade e também permite alternar a propriedade allowProtectedAppendWrites, o estado bloqueado só permite o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada no estado Desativado ou Desbloqueado e pode ser alternada entre os dois estados. Somente uma política em um estado Desbloqueado pode fazer a transição para um estado Bloqueado que não pode ser revertido.
| Name |
Tipo |
Description |
|
Disabled
|
string
|
|
|
Locked
|
string
|
|
|
Unlocked
|
string
|
|
AccountStatus
Obtém o status que indica se o local principal da conta de armazenamento está disponível ou indisponível.
| Name |
Tipo |
Description |
|
available
|
string
|
|
|
unavailable
|
string
|
|
AccountType
Especifica o tipo de conta do Ative Directory para o Armazenamento do Azure.
| Name |
Tipo |
Description |
|
Computer
|
string
|
|
|
User
|
string
|
|
Action
A ação da regra de rede virtual.
| Name |
Tipo |
Description |
|
Allow
|
string
|
|
ActiveDirectoryProperties
Propriedades de configurações para o Ative Directory (AD).
| Name |
Tipo |
Description |
|
accountType
|
AccountType
|
Especifica o tipo de conta do Ative Directory para o Armazenamento do Azure.
|
|
azureStorageSid
|
string
|
Especifica o identificador de segurança (SID) para o Armazenamento do Azure.
|
|
domainGuid
|
string
|
Especifica o GUID do domínio.
|
|
domainName
|
string
|
Especifica o domínio primário para o qual o servidor DNS do AD é autoritativo.
|
|
domainSid
|
string
|
Especifica o identificador de segurança (SID).
|
|
forestName
|
string
|
Especifica a floresta do Ative Directory a ser obtida.
|
|
netBiosDomainName
|
string
|
Especifica o nome de domínio NetBIOS.
|
|
samAccountName
|
string
|
Especifica o Ative Directory SAMAccountName para o Armazenamento do Azure.
|
AllowedCopyScope
Restrinja a cópia de e para Contas de Armazenamento dentro de um locatário do AAD ou com Links Privados para a mesma VNet.
| Name |
Tipo |
Description |
|
AAD
|
string
|
|
|
PrivateLink
|
string
|
|
AzureFilesIdentityBasedAuthentication
Configurações para autenticação baseada em identidade dos Arquivos do Azure.
| Name |
Tipo |
Description |
|
activeDirectoryProperties
|
ActiveDirectoryProperties
|
Obrigatório se directoryServiceOptions for AD, opcional se for AADKERB.
|
|
defaultSharePermission
|
DefaultSharePermission
|
Permissão de compartilhamento padrão para usuários que usam a autenticação Kerberos se a função RBAC não estiver atribuída.
|
|
directoryServiceOptions
|
DirectoryServiceOptions
|
Indica o serviço de diretório usado. Note-se que este enum pode ser estendido no futuro.
|
BlobRestoreParameters
Parâmetros de restauração de blob
| Name |
Tipo |
Description |
|
blobRanges
|
BlobRestoreRange[]
|
Intervalos de Blob para restauração.
|
|
timeToRestore
|
string
|
Restaure o blob para o tempo especificado.
|
BlobRestoreProgressStatus
O status do progresso de restauração de blob. Os valores possíveis são: - InProgress: indica que a restauração de blob está em andamento. - Completo: Indica que a restauração do blob foi concluída com êxito. - Falha: Indica que a restauração do blob falhou.
| Name |
Tipo |
Description |
|
Complete
|
string
|
|
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
BlobRestoreRange
Intervalo de Blob
| Name |
Tipo |
Description |
|
endRange
|
string
|
Intervalo final de blob. Isto é exclusivo. Vazio significa fim da conta.
|
|
startRange
|
string
|
Intervalo inicial do blob. Isto é inclusivo. Vazio significa início da conta.
|
BlobRestoreStatus
Status de restauração de Blob.
| Name |
Tipo |
Description |
|
failureReason
|
string
|
Motivo da falha quando a restauração do blob falhou.
|
|
parameters
|
BlobRestoreParameters
|
Parâmetros de solicitação de restauração de Blob.
|
|
restoreId
|
string
|
Id para rastrear a solicitação de restauração de blob.
|
|
status
|
BlobRestoreProgressStatus
|
O status do progresso de restauração de blob. Os valores possíveis são: - InProgress: indica que a restauração de blob está em andamento. - Completo: Indica que a restauração do blob foi concluída com êxito. - Falha: Indica que a restauração do blob falhou.
|
Bypass
Especifica se o tráfego é ignorado para Logging/Metrics/AzureServices. Os valores possíveis são qualquer combinação de Logging|Métricas|AzureServices (por exemplo, "Logging, Metrics") ou Nenhum para ignorar nenhum desses tráfegos.
| Name |
Tipo |
Description |
|
AzureServices
|
string
|
|
|
Logging
|
string
|
|
|
Metrics
|
string
|
|
|
None
|
string
|
|
CustomDomain
O domínio personalizado atribuído a esta conta de armazenamento. Isso pode ser definido via Update.
| Name |
Tipo |
Description |
|
name
|
string
|
Obtém ou define o nome de domínio personalizado atribuído à conta de armazenamento. Nome é a fonte CNAME.
|
|
useSubDomainName
|
boolean
|
Indica se a validação indireta do CName está habilitada. O valor padrão é false. Isso só deve ser definido em atualizações.
|
DefaultAction
Especifica a ação padrão de permitir ou negar quando nenhuma outra regra corresponder.
| Name |
Tipo |
Description |
|
Allow
|
string
|
|
|
Deny
|
string
|
|
DefaultSharePermission
Permissão de compartilhamento padrão para usuários que usam a autenticação Kerberos se a função RBAC não estiver atribuída.
| Name |
Tipo |
Description |
|
None
|
string
|
|
|
StorageFileDataSmbShareContributor
|
string
|
|
|
StorageFileDataSmbShareElevatedContributor
|
string
|
|
|
StorageFileDataSmbShareReader
|
string
|
|
DirectoryServiceOptions
Indica o serviço de diretório usado. Note-se que este enum pode ser estendido no futuro.
| Name |
Tipo |
Description |
|
AADDS
|
string
|
|
|
AADKERB
|
string
|
|
|
AD
|
string
|
|
|
None
|
string
|
|
DnsEndpointType
Permite especificar o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador alfanumérico de Zona DNS.
| Name |
Tipo |
Description |
|
AzureDnsZone
|
string
|
|
|
Standard
|
string
|
|
Encryption
As configurações de criptografia na conta de armazenamento.
| Name |
Tipo |
Default value |
Description |
|
identity
|
EncryptionIdentity
|
|
A identidade a ser usada com a criptografia do lado do serviço em repouso.
|
|
keySource
|
KeySource
|
Microsoft.Storage
|
A chave de criptografiaSource (provedor). Valores possíveis (sem distinção entre maiúsculas e minúsculas): Microsoft.Storage, Microsoft.Keyvault
|
|
keyvaultproperties
|
KeyVaultProperties
|
|
Propriedades fornecidas pelo cofre de chaves.
|
|
requireInfrastructureEncryption
|
boolean
|
|
Um booleano que indica se o serviço aplica ou não uma camada secundária de criptografia com chaves gerenciadas pela plataforma para dados em repouso.
|
|
services
|
EncryptionServices
|
|
Lista de serviços que suportam encriptação.
|
EncryptionIdentity
Identidade de criptografia para a conta de armazenamento.
| Name |
Tipo |
Description |
|
federatedIdentityClientId
|
string
|
ClientId do aplicativo multilocatário a ser usado em conjunto com a identidade atribuída pelo usuário para criptografia do lado do servidor de chaves gerenciadas pelo cliente entre locatários na conta de armazenamento.
|
|
userAssignedIdentity
|
string
|
Identificador de recurso da identidade UserAssigned a ser associada à criptografia do lado do servidor na conta de armazenamento.
|
EncryptionService
Um serviço que permite o uso de criptografia do lado do servidor.
| Name |
Tipo |
Description |
|
enabled
|
boolean
|
Um booleano que indica se o serviço criptografa ou não os dados à medida que são armazenados. A criptografia em repouso está habilitada por padrão atualmente e não pode ser desabilitada.
|
|
keyType
|
KeyType
|
Tipo de chave de criptografia a ser usada para o serviço de criptografia. O tipo de chave 'Conta' implica que será utilizada uma chave de encriptação com âmbito de conta. O tipo de chave 'Serviço' implica que é utilizada uma chave de serviço predefinida.
|
|
lastEnabledTime
|
string
|
Obtém uma estimativa aproximada da data/hora em que a criptografia foi habilitada pela última vez pelo usuário. Atualmente, os dados são criptografados em repouso por padrão e não podem ser desativados.
|
EncryptionServices
Uma lista de serviços que suportam encriptação.
| Name |
Tipo |
Description |
|
blob
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de blob.
|
|
file
|
EncryptionService
|
A função de encriptação do serviço de armazenamento de ficheiros.
|
|
queue
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de filas.
|
|
table
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de tabelas.
|
Endpoints
Os URIs que são usados para executar uma recuperação de um blob público, fila, tabela, web ou objeto dfs.
| Name |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
internetEndpoints
|
StorageAccountInternetEndpoints
|
Obtém os pontos de extremidade de armazenamento de roteamento da Internet
|
|
microsoftEndpoints
|
StorageAccountMicrosoftEndpoints
|
Obtém os pontos de extremidade de armazenamento de roteamento da Microsoft.
|
|
queue
|
string
|
Obtém o ponto de extremidade da fila.
|
|
table
|
string
|
Obtém o ponto de extremidade da tabela.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
ExpirationAction
A ação de expiração SAS define a ação a ser executada quando sasPolicy.sasExpirationPeriod é violado. A ação 'Log' pode ser usada para fins de auditoria e a ação 'Bloquear' pode ser usada para bloquear e negar o uso de tokens SAS que não aderem ao período de expiração da política sas.
| Name |
Tipo |
Description |
|
Block
|
string
|
|
|
Log
|
string
|
|
ExtendedLocation
O tipo complexo do local estendido.
| Name |
Tipo |
Description |
|
name
|
string
|
O nome do local estendido.
|
|
type
|
ExtendedLocationTypes
|
O tipo de local estendido.
|
ExtendedLocationTypes
O tipo de local estendido.
| Name |
Tipo |
Description |
|
EdgeZone
|
string
|
|
GeoReplicationStats
Estatísticas relacionadas à replicação para os serviços Blob, Tabela, Fila e Arquivo da conta de armazenamento. Ele só está disponível quando a replicação com redundância geográfica está habilitada para a conta de armazenamento.
| Name |
Tipo |
Description |
|
canFailover
|
boolean
|
Um sinalizador booleano que indica se o failover de conta é suportado ou não para a conta.
|
|
canPlannedFailover
|
boolean
|
Um sinalizador booleano que indica se o failover de conta planejado é suportado ou não para a conta.
|
|
lastSyncTime
|
string
|
Todas as gravações primárias anteriores a esse valor de data/hora UTC têm a garantia de estar disponíveis para operações de leitura. As gravações primárias após este ponto no tempo podem ou não estar disponíveis para leitura. O elemento pode ser o valor padrão se o valor de LastSyncTime não estiver disponível, isso pode acontecer se o secundário estiver offline ou se estivermos no bootstrap.
|
|
postFailoverRedundancy
|
postFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta.
|
|
postPlannedFailoverRedundancy
|
postPlannedFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta planejado.
|
|
status
|
GeoReplicationStatus
|
O status do local secundário. Os valores possíveis são: - Live: Indica que o local secundário está ativo e operacional. - Bootstrap: Indica que a sincronização inicial do local primário para o local secundário está em andamento. Isso normalmente ocorre quando a replicação é habilitada pela primeira vez. - Indisponível: Indica que o local secundário está temporariamente indisponível.
|
GeoReplicationStatus
O status do local secundário. Os valores possíveis são: - Live: Indica que o local secundário está ativo e operacional. - Bootstrap: Indica que a sincronização inicial do local primário para o local secundário está em andamento. Isso normalmente ocorre quando a replicação é habilitada pela primeira vez. - Indisponível: Indica que o local secundário está temporariamente indisponível.
| Name |
Tipo |
Description |
|
Bootstrap
|
string
|
|
|
Live
|
string
|
|
|
Unavailable
|
string
|
|
Identity
Identidade do recurso.
| Name |
Tipo |
Description |
|
principalId
|
string
|
A ID principal da identidade do recurso.
|
|
tenantId
|
string
|
A ID do locatário do recurso.
|
|
type
|
IdentityType
|
O tipo de identidade.
|
|
userAssignedIdentities
|
<string,
UserAssignedIdentity>
|
Obtém ou define uma lista de pares de valores de chave que descrevem o conjunto de identidades atribuídas pelo usuário que serão usadas com essa conta de armazenamento. A chave é o identificador de recurso ARM da identidade. Apenas 1 identidade atribuída ao usuário é permitida aqui.
|
IdentityType
O tipo de identidade.
| Name |
Tipo |
Description |
|
None
|
string
|
|
|
SystemAssigned
|
string
|
|
|
SystemAssigned,UserAssigned
|
string
|
|
|
UserAssigned
|
string
|
|
ImmutableStorageAccount
Essa propriedade habilita e define a imutabilidade no nível da conta. A ativação do recurso habilita automaticamente o Controle de Versão de Blob.
| Name |
Tipo |
Description |
|
enabled
|
boolean
|
Um sinalizador booleano que permite a imutabilidade no nível da conta. Todos os contêineres sob tal conta têm imutabilidade no nível do objeto habilitada por padrão.
|
|
immutabilityPolicy
|
AccountImmutabilityPolicyProperties
|
Especifica a política de imutabilidade no nível de conta padrão que é herdada e aplicada a objetos que não possuem uma política de imutabilidade explícita no nível do objeto. A política de imutabilidade no nível do objeto tem precedência maior do que a política de imutabilidade no nível do contêiner, que tem uma precedência maior do que a política de imutabilidade no nível da conta.
|
IPRule
Regra de IP com IP específico ou intervalo de IP no formato CIDR.
| Name |
Tipo |
Default value |
Description |
|
action
|
Action
|
Allow
|
A ação da regra ACL IP.
|
|
value
|
string
|
|
Especifica o IP ou intervalo de IP no formato CIDR. Apenas o endereço IPV4 é permitido.
|
KeyCreationTime
Tempo de criação das chaves da conta de armazenamento.
| Name |
Tipo |
Description |
|
key1
|
string
|
|
|
key2
|
string
|
|
KeyPolicy
KeyPolicy atribuído à conta de armazenamento.
| Name |
Tipo |
Description |
|
keyExpirationPeriodInDays
|
integer
|
O período de expiração da chave em dias.
|
KeySource
A chave de criptografiaSource (provedor). Valores possíveis (sem distinção entre maiúsculas e minúsculas): Microsoft.Storage, Microsoft.Keyvault
| Name |
Tipo |
Description |
|
Microsoft.Keyvault
|
string
|
|
|
Microsoft.Storage
|
string
|
|
KeyType
Tipo de chave de criptografia a ser usada para o serviço de criptografia. O tipo de chave 'Conta' implica que será utilizada uma chave de encriptação com âmbito de conta. O tipo de chave 'Serviço' implica que é utilizada uma chave de serviço predefinida.
| Name |
Tipo |
Description |
|
Account
|
string
|
|
|
Service
|
string
|
|
KeyVaultProperties
Propriedades do cofre de chaves.
| Name |
Tipo |
Description |
|
currentVersionedKeyExpirationTimestamp
|
string
|
Esta é uma propriedade somente leitura que representa o tempo de expiração da versão atual da chave gerenciada pelo cliente usada para criptografia.
|
|
currentVersionedKeyIdentifier
|
string
|
O identificador de objeto da chave do cofre da chave com versão atual em uso.
|
|
keyname
|
string
|
O nome da chave KeyVault.
|
|
keyvaulturi
|
string
|
O Uri do KeyVault.
|
|
keyversion
|
string
|
A versão da chave KeyVault.
|
|
lastKeyRotationTimestamp
|
string
|
Carimbo de data/hora da última rotação da chave do cofre da chave.
|
Kind
Indica o tipo de conta de armazenamento.
| Name |
Tipo |
Description |
|
BlobStorage
|
string
|
|
|
BlockBlobStorage
|
string
|
|
|
FileStorage
|
string
|
|
|
Storage
|
string
|
|
|
StorageV2
|
string
|
|
LargeFileSharesState
Permita compartilhamentos de arquivos grandes se definido como Habilitado. Ele não pode ser desativado uma vez que está ativado.
| Name |
Tipo |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
MinimumTlsVersion
Defina a versão mínima do TLS a ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para esta propriedade.
| Name |
Tipo |
Description |
|
TLS1_0
|
string
|
|
|
TLS1_1
|
string
|
|
|
TLS1_2
|
string
|
|
|
TLS1_3
|
string
|
|
NetworkRuleSet
Conjunto de regras de rede
| Name |
Tipo |
Default value |
Description |
|
bypass
|
Bypass
|
AzureServices
|
Especifica se o tráfego é ignorado para Logging/Metrics/AzureServices. Os valores possíveis são qualquer combinação de Logging|Métricas|AzureServices (por exemplo, "Logging, Metrics") ou Nenhum para ignorar nenhum desses tráfegos.
|
|
defaultAction
|
DefaultAction
|
Allow
|
Especifica a ação padrão de permitir ou negar quando nenhuma outra regra corresponder.
|
|
ipRules
|
IPRule[]
|
|
Define as regras da ACL IP
|
|
resourceAccessRules
|
ResourceAccessRule[]
|
|
Define as regras de acesso aos recursos
|
|
virtualNetworkRules
|
VirtualNetworkRule[]
|
|
Define as regras de rede virtual
|
postFailoverRedundancy
O tipo de redundância da conta após a execução de um failover de conta.
| Name |
Tipo |
Description |
|
Standard_LRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
postPlannedFailoverRedundancy
O tipo de redundância da conta após a execução de um failover de conta planejado.
| Name |
Tipo |
Description |
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
PrivateEndpoint
O recurso Ponto Final Privado.
| Name |
Tipo |
Description |
|
id
|
string
|
O identificador ARM para Private Endpoint
|
PrivateEndpointConnection
O recurso Private Endpoint Connection.
| Name |
Tipo |
Description |
|
id
|
string
|
ID de recurso totalmente qualificado para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
O nome do recurso
|
|
properties.privateEndpoint
|
PrivateEndpoint
|
O recurso do ponto final privado.
|
|
properties.privateLinkServiceConnectionState
|
PrivateLinkServiceConnectionState
|
Uma recolha de informações sobre o estado da ligação entre o consumidor e o prestador de serviços.
|
|
properties.provisioningState
|
PrivateEndpointConnectionProvisioningState
|
O estado de provisionamento do recurso de conexão de ponto de extremidade privado.
|
|
type
|
string
|
O tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
PrivateEndpointConnectionProvisioningState
O estado de provisionamento atual.
| Name |
Tipo |
Description |
|
Creating
|
string
|
|
|
Deleting
|
string
|
|
|
Failed
|
string
|
|
|
Succeeded
|
string
|
|
PrivateEndpointServiceConnectionStatus
O status da conexão de ponto de extremidade privado.
| Name |
Tipo |
Description |
|
Approved
|
string
|
|
|
Pending
|
string
|
|
|
Rejected
|
string
|
|
PrivateLinkServiceConnectionState
Uma recolha de informações sobre o estado da ligação entre o consumidor e o prestador de serviços.
| Name |
Tipo |
Description |
|
actionRequired
|
string
|
Uma mensagem indicando se as alterações no prestador de serviços exigem atualizações sobre o consumidor.
|
|
description
|
string
|
O motivo da aprovação/rejeição da ligação.
|
|
status
|
PrivateEndpointServiceConnectionStatus
|
Indica se a conexão foi aprovada/rejeitada/removida pelo proprietário do serviço.
|
ProvisioningState
Obtém o status da conta de armazenamento no momento em que a operação foi chamada.
| Name |
Tipo |
Description |
|
Creating
|
string
|
|
|
ResolvingDNS
|
string
|
|
|
Succeeded
|
string
|
|
PublicNetworkAccess
Permitir, não permitir ou permitir a configuração do Perímetro de Segurança de Rede para avaliar o acesso à rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser 'Enabled', 'Disabled' ou 'SecuredByPerimeter'.
| Name |
Tipo |
Description |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
|
SecuredByPerimeter
|
string
|
|
ResourceAccessRule
Regra de Acesso a Recursos.
| Name |
Tipo |
Description |
|
resourceId
|
string
|
ID do recurso
|
|
tenantId
|
string
|
ID do inquilino
|
RoutingChoice
A opção de roteamento define o tipo de roteamento de rede escolhido pelo usuário.
| Name |
Tipo |
Description |
|
InternetRouting
|
string
|
|
|
MicrosoftRouting
|
string
|
|
RoutingPreference
Preferência de roteamento define o tipo de rede, seja microsoft ou roteamento de internet a ser usado para entregar os dados do usuário, a opção padrão é roteamento microsoft
| Name |
Tipo |
Description |
|
publishInternetEndpoints
|
boolean
|
Um sinalizador booleano que indica se os pontos de extremidade de armazenamento de roteamento da Internet devem ser publicados
|
|
publishMicrosoftEndpoints
|
boolean
|
Um sinalizador booleano que indica se os pontos de extremidade de armazenamento de roteamento da Microsoft devem ser publicados
|
|
routingChoice
|
RoutingChoice
|
A opção de roteamento define o tipo de roteamento de rede escolhido pelo usuário.
|
SasPolicy
SasPolicy atribuído à conta de armazenamento.
| Name |
Tipo |
Default value |
Description |
|
expirationAction
|
ExpirationAction
|
Log
|
A ação de expiração SAS define a ação a ser executada quando sasPolicy.sasExpirationPeriod é violado. A ação 'Log' pode ser usada para fins de auditoria e a ação 'Bloquear' pode ser usada para bloquear e negar o uso de tokens SAS que não aderem ao período de expiração da política sas.
|
|
sasExpirationPeriod
|
string
|
|
O período de expiração do SAS, DD.HH:MM:SS.
|
Sku
O SKU da conta de armazenamento.
| Name |
Tipo |
Description |
|
name
|
SkuName
|
O nome SKU. Necessário para a criação de conta; opcional para atualização. Observe que, em versões mais antigas, o nome da SKU era chamado accountType.
|
|
tier
|
SkuTier
|
A camada de SKU. Isso é baseado no nome SKU.
|
SkuConversionStatus
Esta propriedade indica o status atual de conversão de sku.
| Name |
Tipo |
Description |
|
Failed
|
string
|
|
|
InProgress
|
string
|
|
|
Succeeded
|
string
|
|
SkuName
O nome SKU. Necessário para a criação de conta; opcional para atualização. Observe que, em versões mais antigas, o nome da SKU era chamado accountType.
| Name |
Tipo |
Description |
|
Premium_LRS
|
string
|
|
|
Premium_ZRS
|
string
|
|
|
Standard_GRS
|
string
|
|
|
Standard_GZRS
|
string
|
|
|
Standard_LRS
|
string
|
|
|
Standard_RAGRS
|
string
|
|
|
Standard_RAGZRS
|
string
|
|
|
Standard_ZRS
|
string
|
|
SkuTier
A camada de SKU. Isso é baseado no nome SKU.
| Name |
Tipo |
Description |
|
Premium
|
string
|
|
|
Standard
|
string
|
|
State
Obtém o estado da regra de rede virtual.
| Name |
Tipo |
Description |
|
Deprovisioning
|
string
|
|
|
Failed
|
string
|
|
|
NetworkSourceDeleted
|
string
|
|
|
Provisioning
|
string
|
|
|
Succeeded
|
string
|
|
StorageAccount
A conta de armazenamento.
| Name |
Tipo |
Description |
|
extendedLocation
|
ExtendedLocation
|
O extendedLocation do recurso.
|
|
id
|
string
|
ID de recurso totalmente qualificado para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
Identity
|
A identidade do recurso.
|
|
kind
|
Kind
|
Obtém o tipo.
|
|
location
|
string
|
A geolocalização onde o recurso vive
|
|
name
|
string
|
O nome do recurso
|
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento onde kind = BlobStorage. A camada de acesso é usada para faturamento. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de bloco premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de bloco premium.
|
|
properties.accountMigrationInProgress
|
boolean
|
Se a migração de conta iniciada pelo cliente estiver em andamento, o valor será verdadeiro, caso contrário, será nulo.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou não permitir o acesso público a todos os blobs ou contêineres na conta de armazenamento. A interpretação padrão é falsa para esta propriedade.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou não permitir replicação de objeto de locatário entre AAD. Defina essa propriedade como true para contas novas ou existentes somente se as políticas de replicação de objetos envolverem contas de armazenamento em diferentes locatários do AAD. A interpretação padrão é falsa para que novas contas sigam as melhores práticas de segurança por padrão.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que as solicitações sejam autorizadas com a chave de acesso da conta por meio da Chave Compartilhada. Se false, todas as solicitações, incluindo assinaturas de acesso compartilhado, devem ser autorizadas com o Azure Ative Directory (Azure AD). O valor padrão é null, que é equivalente a true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrinja a cópia de e para Contas de Armazenamento dentro de um locatário do AAD ou com Links Privados para a mesma VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as configurações de autenticação baseada em identidade para Arquivos do Azure.
|
|
properties.blobRestoreStatus
|
BlobRestoreStatus
|
Estado de restauro de Blob
|
|
properties.creationTime
|
string
|
Obtém a data e a hora de criação da conta de armazenamento em UTC.
|
|
properties.customDomain
|
CustomDomain
|
Obtém o domínio personalizado que o usuário atribuiu a essa conta de armazenamento.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booleano que indica se a autenticação padrão é OAuth ou não. A interpretação padrão é falsa para esta propriedade.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite especificar o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador alfanumérico de Zona DNS.
|
|
properties.enableExtendedGroups
|
boolean
|
Habilita o suporte estendido a grupos com o recurso de usuários locais, se definido como true
|
|
properties.encryption
|
Encryption
|
Configurações de criptografia a serem usadas para criptografia do lado do servidor para a conta de armazenamento.
|
|
properties.failoverInProgress
|
boolean
|
Se o failover estiver em andamento, o valor será true, caso contrário, será nulo.
|
|
properties.geoReplicationStats
|
GeoReplicationStats
|
Estatísticas de replicação geográfica
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como true no momento da criação da conta. Quando definido como true, ele habilita a imutabilidade no nível do objeto para todos os contêineres na conta por padrão.
|
|
properties.isHnsEnabled
|
boolean
|
Account HierarchicalNamespace habilitado se definido como true.
|
|
properties.isLocalUserEnabled
|
boolean
|
Habilita o recurso de usuários locais, se definido como true
|
|
properties.isNfsV3Enabled
|
boolean
|
Suporte ao protocolo NFS 3.0 habilitado se definido como true.
|
|
properties.isSftpEnabled
|
boolean
|
Habilita o Protocolo de Transferência Segura de Arquivos, se definido como true
|
|
properties.isSkuConversionBlocked
|
boolean
|
Essa propriedade será definida como true ou false em um evento de migração em andamento. O valor padrão é null.
|
|
properties.keyCreationTime
|
KeyCreationTime
|
Tempo de criação das chaves da conta de armazenamento.
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permita compartilhamentos de arquivos grandes se definido como Habilitado. Ele não pode ser desativado uma vez que está ativado.
|
|
properties.lastGeoFailoverTime
|
string
|
Obtém o carimbo de data/hora da instância mais recente de um failover para o local secundário. Apenas o carimbo de data/hora mais recente é mantido. Esse elemento não será retornado se nunca tiver havido uma instância de failover. Disponível apenas se o accountType estiver Standard_GRS ou Standard_RAGRS.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para esta propriedade.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
properties.primaryEndpoints
|
Endpoints
|
Obtém as URLs usadas para executar uma recuperação de um blob público, fila ou objeto de tabela. Observe que Standard_ZRS e Premium_LRS contas retornam apenas o ponto de extremidade de blob.
|
|
properties.primaryLocation
|
string
|
Obtém o local do data center principal para a conta de armazenamento.
|
|
properties.privateEndpointConnections
|
PrivateEndpointConnection[]
|
Lista de conexão de ponto de extremidade privada associada à conta de armazenamento especificada
|
|
properties.provisioningState
|
ProvisioningState
|
Obtém o status da conta de armazenamento no momento em que a operação foi chamada.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir a configuração do Perímetro de Segurança de Rede para avaliar o acesso à rede pública à Conta de Armazenamento.
|
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de roteamento de rede escolhida pelo usuário para transferência de dados
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
properties.secondaryEndpoints
|
Endpoints
|
Obtém as URLs usadas para executar uma recuperação de um blob público, fila ou objeto de tabela do local secundário da conta de armazenamento. Disponível apenas se o nome da SKU for Standard_RAGRS.
|
|
properties.secondaryLocation
|
string
|
Obtém o local do secundário replicado geograficamente para a conta de armazenamento. Disponível apenas se o accountType estiver Standard_GRS ou Standard_RAGRS.
|
|
properties.statusOfPrimary
|
AccountStatus
|
Obtém o status que indica se o local principal da conta de armazenamento está disponível ou indisponível.
|
|
properties.statusOfSecondary
|
AccountStatus
|
Obtém o status que indica se o local secundário da conta de armazenamento está disponível ou indisponível. Disponível apenas se o nome da SKU for Standard_GRS ou Standard_RAGRS.
|
|
properties.storageAccountSkuConversionStatus
|
StorageAccountSkuConversionStatus
|
Essa propriedade é readOnly e é definida pelo servidor durante operações assíncronas de conversão de sku de conta de armazenamento.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite tráfego https somente para o serviço de armazenamento se definido como true.
|
|
sku
|
Sku
|
Obtém o SKU.
|
|
tags
|
object
|
Tags de recursos.
|
|
type
|
string
|
O tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
StorageAccountInternetEndpoints
Os URIs que são usados para executar uma recuperação de um blob público, arquivo, web ou objeto dfs por meio de um ponto de extremidade de roteamento da Internet.
| Name |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
StorageAccountMicrosoftEndpoints
Os URIs que são usados para executar uma recuperação de um blob público, fila, tabela, web ou objeto dfs por meio de um ponto de extremidade de roteamento da Microsoft.
| Name |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
queue
|
string
|
Obtém o ponto de extremidade da fila.
|
|
table
|
string
|
Obtém o ponto de extremidade da tabela.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
StorageAccountSkuConversionStatus
Isso define o objeto de status de conversão de sku para conversões de sku assíncronas.
| Name |
Tipo |
Description |
|
endTime
|
string
|
Esta propriedade representa a hora de término da conversão de sku.
|
|
skuConversionStatus
|
SkuConversionStatus
|
Esta propriedade indica o status atual de conversão de sku.
|
|
startTime
|
string
|
Esta propriedade representa a hora de início da conversão de sku.
|
|
targetSkuName
|
SkuName
|
Esta propriedade representa o nome da sku de destino para a qual a sku da conta está sendo convertida de forma assíncrona.
|
StorageAccountUpdateParameters
Os parâmetros que podem ser fornecidos ao atualizar as propriedades da conta de armazenamento.
| Name |
Tipo |
Description |
|
identity
|
Identity
|
A identidade do recurso.
|
|
kind
|
Kind
|
Opcional. Indica o tipo de conta de armazenamento. Atualmente, apenas o valor StorageV2 suportado pelo servidor.
|
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento onde kind = BlobStorage. A camada de acesso é usada para faturamento. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de bloco premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de bloco premium.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou não permitir o acesso público a todos os blobs ou contêineres na conta de armazenamento. A interpretação padrão é falsa para esta propriedade.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou não permitir replicação de objeto de locatário entre AAD. Defina essa propriedade como true para contas novas ou existentes somente se as políticas de replicação de objetos envolverem contas de armazenamento em diferentes locatários do AAD. A interpretação padrão é falsa para que novas contas sigam as melhores práticas de segurança por padrão.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que as solicitações sejam autorizadas com a chave de acesso da conta por meio da Chave Compartilhada. Se false, todas as solicitações, incluindo assinaturas de acesso compartilhado, devem ser autorizadas com o Azure Ative Directory (Azure AD). O valor padrão é null, que é equivalente a true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrinja a cópia de e para Contas de Armazenamento dentro de um locatário do AAD ou com Links Privados para a mesma VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as configurações de autenticação baseada em identidade para Arquivos do Azure.
|
|
properties.customDomain
|
CustomDomain
|
Domínio personalizado atribuído à conta de armazenamento pelo usuário. Nome é a fonte CNAME. Apenas um domínio personalizado é suportado por conta de armazenamento no momento. Para limpar o domínio personalizado existente, use uma cadeia de caracteres vazia para a propriedade de nome de domínio personalizado.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booleano que indica se a autenticação padrão é OAuth ou não. A interpretação padrão é falsa para esta propriedade.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite especificar o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador alfanumérico de Zona DNS.
|
|
properties.enableExtendedGroups
|
boolean
|
Habilita o suporte estendido a grupos com o recurso de usuários locais, se definido como true
|
|
properties.encryption
|
Encryption
|
Não aplicável. A criptografia do Armazenamento do Azure em repouso é habilitada por padrão para todas as contas de armazenamento e não pode ser desabilitada.
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como true no momento da criação da conta. Quando definido como true, ele habilita a imutabilidade no nível do objeto para todos os contêineres na conta por padrão.
|
|
properties.isLocalUserEnabled
|
boolean
|
Habilita o recurso de usuários locais, se definido como true
|
|
properties.isSftpEnabled
|
boolean
|
Habilita o Protocolo de Transferência Segura de Arquivos, se definido como true
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permita compartilhamentos de arquivos grandes se definido como Habilitado. Ele não pode ser desativado uma vez que está ativado.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS a ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para esta propriedade.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir a configuração do Perímetro de Segurança de Rede para avaliar o acesso à rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser 'Enabled', 'Disabled' ou 'SecuredByPerimeter'.
|
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de roteamento de rede escolhida pelo usuário para transferência de dados
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite tráfego https somente para o serviço de armazenamento se definido como true.
|
|
sku
|
Sku
|
Obtém ou define o nome da SKU. Observe que o nome SKU não pode ser atualizado para Standard_ZRS, Premium_LRS ou Premium_ZRS, nem as contas desses nomes de SKU podem ser atualizadas para qualquer outro valor.
|
|
tags
|
object
|
Obtém ou define uma lista de pares de valores de chave que descrevem o recurso. Essas tags podem ser usadas para visualizar e agrupar esse recurso (entre grupos de recursos). Um máximo de 15 tags podem ser fornecidas para um recurso. Cada tag deve ter uma chave de comprimento não superior a 128 caracteres e um valor não superior a 256 caracteres.
|
UserAssignedIdentity
UserAssignedIdentity para o recurso.
| Name |
Tipo |
Description |
|
clientId
|
string
|
O ID do cliente da identidade.
|
|
principalId
|
string
|
O ID principal da identidade.
|
VirtualNetworkRule
Regra de Rede Virtual.
| Name |
Tipo |
Default value |
Description |
|
action
|
Action
|
Allow
|
A ação da regra de rede virtual.
|
|
id
|
string
|
|
ID de recurso de uma sub-rede, por exemplo: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
|
|
state
|
State
|
|
Obtém o estado da regra de rede virtual.
|