diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst index 9b5d88c1d25..1b688a4b66c 100644 --- a/src/azure-cli/HISTORY.rst +++ b/src/azure-cli/HISTORY.rst @@ -3,6 +3,11 @@ Release History =============== +**Stoarge** + +* Upgrade azure-mgmt-storage version to 7.1.0 +* `az storage account create`: Add `--encryption-key-type-for-table` and `--encryption-key-type-for-queue` to support Table and Queue Encryption Service + 2.0.79 ++++++ @@ -60,6 +65,7 @@ Release History * Update azure-mgmt-storage version to 7.0.0 to use api version 2019-06-01 * Add new parameters `--enable-delete-retention` and `--delete-retention-days` to support managing delete retention policy for storage account blob-service-properties. + 2.0.78 ++++++ diff --git a/src/azure-cli/azure/cli/command_modules/storage/_help.py b/src/azure-cli/azure/cli/command_modules/storage/_help.py index 0951ea00ce4..734860d39a3 100644 --- a/src/azure-cli/azure/cli/command_modules/storage/_help.py +++ b/src/azure-cli/azure/cli/command_modules/storage/_help.py @@ -61,12 +61,14 @@ long-summary: > The SKU of the storage account defaults to 'Standard_RAGRS'. examples: - - name: Create a storage account 'MyStorageAccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage. - text: az storage account create -n MyStorageAccount -g MyResourceGroup -l westus --sku Standard_LRS + - name: Create a storage account 'mystorageaccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage. + text: az storage account create -n mystorageaccount -g MyResourceGroup -l westus --sku Standard_LRS unsupported-profiles: 2017-03-09-profile - - name: Create a storage account 'MyStorageAccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage. - text: az storage account create -n MyStorageAccount -g MyResourceGroup -l westus --account-type Standard_LRS + - name: Create a storage account 'mystorageaccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage. + text: az storage account create -n mystorageaccount -g MyResourceGroup -l westus --account-type Standard_LRS supported-profiles: 2017-03-09-profile + - name: Create a storage account 'mystorageaccount' in resource group 'MyResourceGroup' in the eastus2euap region with account-scoped encryption key enabled for Table Service. + text: az storage account create -n mystorageaccount -g MyResourceGroup --kind StorageV2 -l eastus2euap -t Account """ helps['storage account delete'] = """ diff --git a/src/azure-cli/azure/cli/command_modules/storage/_params.py b/src/azure-cli/azure/cli/command_modules/storage/_params.py index 9b4dc0d88ea..75f9d03b650 100644 --- a/src/azure-cli/azure/cli/command_modules/storage/_params.py +++ b/src/azure-cli/azure/cli/command_modules/storage/_params.py @@ -159,6 +159,16 @@ def load_arguments(self, _): # pylint: disable=too-many-locals, too-many-statem help=" Allow the blob service to exhibit filesystem semantics. This property can be enabled only " "when storage account kind is StorageV2.", min_api='2018-02-01') + c.argument('encryption_key_type_for_table', arg_type=get_enum_type(['Account', 'Service']), + help='Set the encryption key type for Table service. "Account": Table will be encrypted ' + 'with account-scoped encryption key. "Service": Table will always be encrypted with ' + 'service-scoped keys. Currently the default encryption key type is "Service".', + min_api='2019-06-01', options_list=['--encryption-key-type-for-table', '-t']) + c.argument('encryption_key_type_for_queue', arg_type=get_enum_type(['Account', 'Service']), + help='Set the encryption key type for Queue service. "Account": Queue will be encrypted ' + 'with account-scoped encryption key. "Service": Queue will always be encrypted with ' + 'service-scoped keys. Currently the default encryption key type is "Service".', + min_api='2019-06-01', options_list=['--encryption-key-type-for-queue', '-q']) with self.argument_context('storage account update', resource_type=ResourceType.MGMT_STORAGE) as c: c.register_common_storage_account_options() diff --git a/src/azure-cli/azure/cli/command_modules/storage/operations/account.py b/src/azure-cli/azure/cli/command_modules/storage/operations/account.py index b216342bd89..96ff1d40d3f 100644 --- a/src/azure-cli/azure/cli/command_modules/storage/operations/account.py +++ b/src/azure-cli/azure/cli/command_modules/storage/operations/account.py @@ -13,13 +13,14 @@ logger = get_logger(__name__) -# pylint: disable=too-many-locals +# pylint: disable=too-many-locals, too-many-statements def create_storage_account(cmd, resource_group_name, account_name, sku=None, location=None, kind=None, tags=None, custom_domain=None, encryption_services=None, access_tier=None, https_only=None, enable_files_aadds=None, bypass=None, default_action=None, assign_identity=False, enable_large_file_share=None, enable_files_adds=None, domain_name=None, net_bios_domain_name=None, forest_name=None, domain_guid=None, domain_sid=None, - azure_storage_sid=None, enable_hierarchical_namespace=None): + azure_storage_sid=None, enable_hierarchical_namespace=None, + encryption_key_type_for_table=None, encryption_key_type_for_queue=None): StorageAccountCreateParameters, Kind, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet = \ cmd.get_models('StorageAccountCreateParameters', 'Kind', 'Sku', 'CustomDomain', 'AccessTier', 'Identity', 'Encryption', 'NetworkRuleSet') @@ -86,6 +87,18 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc params.network_rule_set = NetworkRuleSet(bypass=bypass, default_action=default_action, ip_rules=None, virtual_network_rules=None) + if encryption_key_type_for_table is not None or encryption_key_type_for_queue is not None: + EncryptionServices = cmd.get_models('EncryptionServices') + EncryptionService = cmd.get_models('EncryptionService') + params.encryption = Encryption() + params.encryption.services = EncryptionServices() + if encryption_key_type_for_table is not None: + table_encryption_service = EncryptionService(enabled=True, key_type=encryption_key_type_for_table) + params.encryption.services.table = table_encryption_service + if encryption_key_type_for_queue is not None: + queue_encryption_service = EncryptionService(enabled=True, key_type=encryption_key_type_for_queue) + params.encryption.services.queue = queue_encryption_service + return scf.storage_accounts.create(resource_group_name, account_name, params) diff --git a/src/azure-cli/azure/cli/command_modules/storage/tests/latest/recordings/test_storage_create_with_encryption_key_type.yaml b/src/azure-cli/azure/cli/command_modules/storage/tests/latest/recordings/test_storage_create_with_encryption_key_type.yaml new file mode 100644 index 00000000000..3e112de63d1 --- /dev/null +++ b/src/azure-cli/azure/cli/command_modules/storage/tests/latest/recordings/test_storage_create_with_encryption_key_type.yaml @@ -0,0 +1,150 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - storage account create + Connection: + - keep-alive + ParameterSetName: + - -n -g --kind -t -q + User-Agent: + - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 + azure-mgmt-resource/6.0.0 Azure-SDK-For-Python AZURECLI/2.0.79 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_storage_account_encryption000001?api-version=2019-07-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_storage_account_encryption000001","name":"cli_storage_account_encryption000001","type":"Microsoft.Resources/resourceGroups","location":"eastus2euap","tags":{"product":"azurecli","cause":"automation","date":"2020-01-09T15:38:38Z"},"properties":{"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '433' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 09 Jan 2020 15:38:44 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"sku": {"name": "Standard_RAGRS"}, "kind": "StorageV2", "location": "eastus2euap", + "properties": {"encryption": {"services": {"table": {"enabled": true, "keyType": + "Account"}, "queue": {"enabled": true, "keyType": "Service"}}, "keySource": + "Microsoft.Storage"}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - storage account create + Connection: + - keep-alive + Content-Length: + - '263' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - -n -g --kind -t -q + User-Agent: + - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 + azure-mgmt-storage/7.1.0 Azure-SDK-For-Python AZURECLI/2.0.79 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_storage_account_encryption000001/providers/Microsoft.Storage/storageAccounts/cliencryption000002?api-version=2019-06-01 + response: + body: + string: '' + headers: + cache-control: + - no-cache + content-length: + - '0' + content-type: + - text/plain; charset=utf-8 + date: + - Thu, 09 Jan 2020 15:38:49 GMT + expires: + - '-1' + location: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Storage/locations/eastus2euap/asyncoperations/d8641a9c-2b25-42d1-9c6e-f15ef09124c0?monitor=true&api-version=2019-06-01 + pragma: + - no-cache + server: + - Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 202 + message: Accepted +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - storage account create + Connection: + - keep-alive + ParameterSetName: + - -n -g --kind -t -q + User-Agent: + - python/3.7.4 (Windows-10-10.0.18362-SP0) msrest/0.6.10 msrest_azure/0.6.2 + azure-mgmt-storage/7.1.0 Azure-SDK-For-Python AZURECLI/2.0.79 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Storage/locations/eastus2euap/asyncoperations/d8641a9c-2b25-42d1-9c6e-f15ef09124c0?monitor=true&api-version=2019-06-01 + response: + body: + string: '{"sku":{"name":"Standard_RAGRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_storage_account_encryption000001/providers/Microsoft.Storage/storageAccounts/cliencryption000002","name":"cliencryption000002","type":"Microsoft.Storage/storageAccounts","location":"eastus2euap","tags":{},"properties":{"privateEndpointConnections":[],"networkAcls":{"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2020-01-09T15:38:49.1955953Z"},"table":{"keyType":"Account","enabled":true,"lastEnabledTime":"2020-01-09T15:38:49.1955953Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2020-01-09T15:38:49.1955953Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2020-01-09T15:38:49.1331246Z","primaryEndpoints":{"dfs":"https://cliencryption000002.dfs.core.windows.net/","web":"https://cliencryption000002.z3.web.core.windows.net/","blob":"https://cliencryption000002.blob.core.windows.net/","queue":"https://cliencryption000002.queue.core.windows.net/","table":"https://cliencryption000002.table.core.windows.net/","file":"https://cliencryption000002.file.core.windows.net/"},"primaryLocation":"eastus2euap","statusOfPrimary":"available","secondaryLocation":"centraluseuap","statusOfSecondary":"available","secondaryEndpoints":{"dfs":"https://cliencryption000002-secondary.dfs.core.windows.net/","web":"https://cliencryption000002-secondary.z3.web.core.windows.net/","blob":"https://cliencryption000002-secondary.blob.core.windows.net/","queue":"https://cliencryption000002-secondary.queue.core.windows.net/","table":"https://cliencryption000002-secondary.table.core.windows.net/"}}}' + headers: + cache-control: + - no-cache + content-length: + - '1965' + content-type: + - application/json + date: + - Thu, 09 Jan 2020 15:39:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 diff --git a/src/azure-cli/azure/cli/command_modules/storage/tests/latest/test_storage_account_scenarios.py b/src/azure-cli/azure/cli/command_modules/storage/tests/latest/test_storage_account_scenarios.py index 08c4307a4ec..6792fe89f70 100644 --- a/src/azure-cli/azure/cli/command_modules/storage/tests/latest/test_storage_account_scenarios.py +++ b/src/azure-cli/azure/cli/command_modules/storage/tests/latest/test_storage_account_scenarios.py @@ -190,6 +190,18 @@ def test_storage_create_with_hns_false(self, resource_group): create_cmd = 'az storage account create -n {} -g {} --kind StorageV2 --hns false'.format(name, resource_group) self.cmd(create_cmd, checks=[JMESPathCheck('isHnsEnabled', False)]) + @api_version_constraint(ResourceType.MGMT_STORAGE, min_api='2019-06-01') + @ResourceGroupPreparer(location='eastus2euap', name_prefix='cli_storage_account_encryption') + def test_storage_create_with_encryption_key_type(self, resource_group): + name = self.create_random_name(prefix='cliencryption', length=24) + create_cmd = 'az storage account create -n {} -g {} --kind StorageV2 -t Account -q Service'.format( + name, resource_group) + self.cmd(create_cmd, checks=[ + JMESPathCheck('encryption.services.queue', None), + JMESPathCheck('encryption.services.table.enabled', True), + JMESPathCheck('encryption.services.table.keyType', 'Account'), + ]) + def test_show_usage(self): self.cmd('storage account show-usage -l westus', checks=JMESPathCheck('name.value', 'StorageAccounts')) diff --git a/src/azure-cli/requirements.py2.Darwin.txt b/src/azure-cli/requirements.py2.Darwin.txt index c3b7d3d38c3..66e854beb48 100644 --- a/src/azure-cli/requirements.py2.Darwin.txt +++ b/src/azure-cli/requirements.py2.Darwin.txt @@ -75,7 +75,7 @@ azure-mgmt-servicefabric==0.2.0 azure-mgmt-signalr==0.3.0 azure-mgmt-sql==0.15.0 azure-mgmt-sqlvirtualmachine==0.5.0 -azure-mgmt-storage==7.0.0 +azure-mgmt-storage==7.1.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.42.0 azure-multiapi-storage==0.2.4 diff --git a/src/azure-cli/requirements.py2.Linux.txt b/src/azure-cli/requirements.py2.Linux.txt index c3b7d3d38c3..66e854beb48 100644 --- a/src/azure-cli/requirements.py2.Linux.txt +++ b/src/azure-cli/requirements.py2.Linux.txt @@ -75,7 +75,7 @@ azure-mgmt-servicefabric==0.2.0 azure-mgmt-signalr==0.3.0 azure-mgmt-sql==0.15.0 azure-mgmt-sqlvirtualmachine==0.5.0 -azure-mgmt-storage==7.0.0 +azure-mgmt-storage==7.1.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.42.0 azure-multiapi-storage==0.2.4 diff --git a/src/azure-cli/requirements.py2.windows.txt b/src/azure-cli/requirements.py2.windows.txt index 38d2228d42b..76e76726bdd 100644 --- a/src/azure-cli/requirements.py2.windows.txt +++ b/src/azure-cli/requirements.py2.windows.txt @@ -74,7 +74,7 @@ azure-mgmt-servicefabric==0.2.0 azure-mgmt-signalr==0.3.0 azure-mgmt-sql==0.15.0 azure-mgmt-sqlvirtualmachine==0.5.0 -azure-mgmt-storage==7.0.0 +azure-mgmt-storage==7.1.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.42.0 azure-multiapi-storage==0.2.4 diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 73300b908dc..7b178e4b1a0 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -75,7 +75,7 @@ azure-mgmt-servicefabric==0.2.0 azure-mgmt-signalr==0.3.0 azure-mgmt-sql==0.15.0 azure-mgmt-sqlvirtualmachine==0.5.0 -azure-mgmt-storage==7.0.0 +azure-mgmt-storage==7.1.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.42.0 azure-multiapi-storage==0.2.4 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index 73300b908dc..7b178e4b1a0 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -75,7 +75,7 @@ azure-mgmt-servicefabric==0.2.0 azure-mgmt-signalr==0.3.0 azure-mgmt-sql==0.15.0 azure-mgmt-sqlvirtualmachine==0.5.0 -azure-mgmt-storage==7.0.0 +azure-mgmt-storage==7.1.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.42.0 azure-multiapi-storage==0.2.4 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index 5f67fb995b9..af8ea7a31a3 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -74,7 +74,7 @@ azure-mgmt-servicefabric==0.2.0 azure-mgmt-signalr==0.3.0 azure-mgmt-sql==0.15.0 azure-mgmt-sqlvirtualmachine==0.5.0 -azure-mgmt-storage==7.0.0 +azure-mgmt-storage==7.1.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.42.0 azure-multiapi-storage==0.2.4 diff --git a/src/azure-cli/setup.py b/src/azure-cli/setup.py index 19ad93dc58a..d04709e6019 100644 --- a/src/azure-cli/setup.py +++ b/src/azure-cli/setup.py @@ -122,7 +122,7 @@ 'azure-mgmt-signalr~=0.3.0', 'azure-mgmt-sql~=0.15.0', 'azure-mgmt-sqlvirtualmachine~=0.5.0', - 'azure-mgmt-storage~=7.0.0', + 'azure-mgmt-storage~=7.1.0', 'azure-mgmt-trafficmanager~=0.51.0', 'azure-mgmt-web~=0.42.0', 'azure-multiapi-storage~=0.2.4',