[Storage] az storage account create/update: Support --enable-smb-oauth to allow managed identities to access SMB shares using OAuth (#32177)

Co-authored-by: Azure CLI Team <AzPyCLI@microsoft.com>

Author: calvinhzy

src/azure-cli/azure/cli/command_modules/storage/_params.py

@@ -432,6 +432,10 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
                    help='Allow you to specify the type of endpoint. Set this to AzureDNSZone to create a large number '
                         'of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the '
                         'endpoint URL will have an alphanumeric DNS Zone identifier.')
+        c.argument('enable_smb_oauth', arg_type=get_three_state_flag(),
+                   arg_group='Azure Files Identity Based Authentication',
+                   help='Specifies if managed identities can access SMB shares using OAuth. '
+                        'The default interpretation is false for this property.')
 
     with self.argument_context('storage account private-endpoint-connection',
                                resource_type=ResourceType.MGMT_STORAGE) as c:
@@ -523,6 +527,9 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('upgrade_to_storagev2', arg_type=get_three_state_flag(),
                    help='Upgrade Storage Account Kind to StorageV2.')
         c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
+        c.argument('enable_smb_oauth', arg_type=get_three_state_flag(),
+                   arg_group='Azure Files Identity Based Authentication',
+                   help='Specifies if managed identities can access SMB shares using OAuth. ')
 
     for scope in ['storage account create', 'storage account update']:
         with self.argument_context(scope, arg_group='Customer managed key',

src/azure-cli/azure/cli/command_modules/storage/operations/account.py

@@ -77,7 +77,8 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
                            allow_cross_tenant_replication=None, default_share_permission=None,
                            enable_nfs_v3=None, subnet=None, vnet_name=None, action='Allow', enable_alw=None,
                            immutability_period_since_creation_in_days=None, immutability_policy_state=None,
-                           allow_protected_append_writes=None, public_network_access=None, dns_endpoint_type=None):
+                           allow_protected_append_writes=None, public_network_access=None, dns_endpoint_type=None,
+                           enable_smb_oauth=None):
     StorageAccountCreateParameters, Kind, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet = \
         cmd.get_models('StorageAccountCreateParameters', 'Kind', 'Sku', 'CustomDomain', 'AccessTier', 'Identity',
                        'Encryption', 'NetworkRuleSet')
@@ -198,6 +199,14 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
                 directory_service_options='None')
         params.azure_files_identity_based_authentication.default_share_permission = default_share_permission
 
+    if enable_smb_oauth is not None:
+        if params.azure_files_identity_based_authentication is None:
+            params.azure_files_identity_based_authentication = AzureFilesIdentityBasedAuthentication(
+                directory_service_options='None')
+        params.azure_files_identity_based_authentication.smb_o_auth_settings = {
+            "is_smb_o_auth_enabled": enable_smb_oauth
+        }
+
     if enable_large_file_share:
         LargeFileSharesState = cmd.get_models('LargeFileSharesState')
         params.large_file_shares_state = LargeFileSharesState("Enabled")
@@ -398,7 +407,7 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
                            allow_cross_tenant_replication=None, default_share_permission=None,
                            immutability_period_since_creation_in_days=None, immutability_policy_state=None,
                            allow_protected_append_writes=None, public_network_access=None, upgrade_to_storagev2=None,
-                           yes=None):
+                           yes=None, enable_smb_oauth=None):
     StorageAccountUpdateParameters, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet, Kind = \
         cmd.get_models('StorageAccountUpdateParameters', 'Sku', 'CustomDomain', 'AccessTier', 'Identity', 'Encryption',
                        'NetworkRuleSet', 'Kind')
@@ -610,6 +619,15 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
                 else instance.azure_files_identity_based_authentication
         params.azure_files_identity_based_authentication.default_share_permission = default_share_permission
 
+    if enable_smb_oauth is not None:
+        if params.azure_files_identity_based_authentication is None:
+            params.azure_files_identity_based_authentication = AzureFilesIdentityBasedAuthentication(
+                directory_service_options='None') if instance.azure_files_identity_based_authentication is None \
+                else instance.azure_files_identity_based_authentication
+        params.azure_files_identity_based_authentication.smb_o_auth_settings = {
+            "is_smb_o_auth_enabled": enable_smb_oauth
+        }
+
     if assign_identity:
         params.identity = Identity(type='SystemAssigned')
     if enable_large_file_share: