[Storage] az storage account create/update: Add --sas-expiration-action to sas policy

[calvinhzy]

Related command

az stroage account create/update

Description

Add --sas-expiration-action to block expired sas policies.

Testing Guide

History Notes

[Storage] az storage account create/update: Add --sas-expiration-action to sas policy

---

This checklist is used to make sure that common guidelines for a pull request are followed.

• The PR title and description has followed the guideline in Submitting Pull Requests.

• I adhere to the Command Guidelines.

• I adhere to the Error Handling Guidelines.

[azure-client-tools-bot-prd]

️✔️AzureCLI-FullTest

️✔️acr

️✔️latest

️✔️3.12

️✔️3.9

️✔️acs

️✔️latest

️✔️3.12

️✔️3.9

️✔️advisor

️✔️latest

️✔️3.12

️✔️3.9

️✔️ams

️✔️latest

️✔️3.12

️✔️3.9

️✔️apim

️✔️latest

️✔️3.12

️✔️3.9

️✔️appconfig

️✔️latest

️✔️3.12

️✔️3.9

️✔️appservice

️✔️latest

️✔️3.12

️✔️3.9

️✔️aro

️✔️latest

️✔️3.12

️✔️3.9

️✔️backup

️✔️latest

️✔️3.12

️✔️3.9

️✔️batch

️✔️latest

️✔️3.12

️✔️3.9

️✔️batchai

️✔️latest

️✔️3.12

️✔️3.9

️✔️billing

️✔️latest

️✔️3.12

️✔️3.9

️✔️botservice

️✔️latest

️✔️3.12

️✔️3.9

️✔️cdn

️✔️latest

️✔️3.12

️✔️3.9

️✔️cloud

️✔️latest

️✔️3.12

️✔️3.9

️✔️cognitiveservices

️✔️latest

️✔️3.12

️✔️3.9

️✔️compute_recommender

️✔️latest

️✔️3.12

️✔️3.9

️✔️computefleet

️✔️latest

️✔️3.12

️✔️3.9

️✔️config

️✔️latest

️✔️3.12

️✔️3.9

️✔️configure

️✔️latest

️✔️3.12

️✔️3.9

️✔️consumption

️✔️latest

️✔️3.12

️✔️3.9

️✔️container

️✔️latest

️✔️3.12

️✔️3.9

️✔️containerapp

️✔️latest

️✔️3.12

️✔️3.9

️✔️core

️✔️latest

️✔️3.12

️✔️3.9

️✔️cosmosdb

️✔️latest

️✔️3.12

️✔️3.9

️✔️databoxedge

️✔️latest

️✔️3.12

️✔️3.9

️✔️dls

️✔️latest

️✔️3.12

️✔️3.9

️✔️dms

️✔️latest

️✔️3.12

️✔️3.9

️✔️eventgrid

️✔️latest

️✔️3.12

️✔️3.9

️✔️eventhubs

️✔️latest

️✔️3.12

️✔️3.9

️✔️feedback

️✔️latest

️✔️3.12

️✔️3.9

️✔️find

️✔️latest

️✔️3.12

️✔️3.9

️✔️hdinsight

️✔️latest

️✔️3.12

️✔️3.9

️✔️identity

️✔️latest

️✔️3.12

️✔️3.9

️✔️iot

️✔️latest

️✔️3.12

️✔️3.9

️✔️keyvault

️✔️latest

️✔️3.12

️✔️3.9

️✔️lab

️✔️latest

️✔️3.12

️✔️3.9

️✔️managedservices

️✔️latest

️✔️3.12

️✔️3.9

️✔️maps

️✔️latest

️✔️3.12

️✔️3.9

️✔️marketplaceordering

️✔️latest

️✔️3.12

️✔️3.9

️✔️monitor

️✔️latest

️✔️3.12

️✔️3.9

️✔️mysql

️✔️latest

️✔️3.12

️✔️3.9

️✔️netappfiles

️✔️latest

️✔️3.12

️✔️3.9

️✔️network

️✔️latest

️✔️3.12

️✔️3.9

️✔️policyinsights

️✔️latest

️✔️3.12

️✔️3.9

️✔️privatedns

️✔️latest

️✔️3.12

️✔️3.9

️✔️profile

️✔️latest

️✔️3.12

️✔️3.9

️✔️rdbms

️✔️latest

️✔️3.12

️✔️3.9

️✔️redis

️✔️latest

️✔️3.12

️✔️3.9

️✔️relay

️✔️latest

️✔️3.12

️✔️3.9

️✔️resource

️✔️latest

️✔️3.12

️✔️3.9

️✔️role

️✔️latest

️✔️3.12

️✔️3.9

️✔️search

️✔️latest

️✔️3.12

️✔️3.9

️✔️security

️✔️latest

️✔️3.12

️✔️3.9

️✔️servicebus

️✔️latest

️✔️3.12

️✔️3.9

️✔️serviceconnector

️✔️latest

️✔️3.12

️✔️3.9

️✔️servicefabric

️✔️latest

️✔️3.12

️✔️3.9

️✔️signalr

️✔️latest

️✔️3.12

️✔️3.9

️✔️sql

️✔️latest

️✔️3.12

️✔️3.9

️✔️sqlvm

️✔️latest

️✔️3.12

️✔️3.9

️✔️storage

️✔️latest

️✔️3.12

️✔️3.9

️✔️synapse

️✔️latest

️✔️3.12

️✔️3.9

️✔️telemetry

️✔️latest

️✔️3.12

️✔️3.9

️✔️util

️✔️latest

️✔️3.12

️✔️3.9

️✔️vm

️✔️latest

️✔️3.12

️✔️3.9

[azure-client-tools-bot-prd]

Hi @calvinhzy,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

[azure-client-tools-bot-prd]

⚠️AzureCLI-BreakingChangeTest

⚠️storage

rule	cmd_name	rule_message	suggest_message
⚠️ 1006 - ParaAdd	storage account create	cmd storage account create added parameter sas_expiration_action
⚠️ 1006 - ParaAdd	storage account update	cmd storage account update added parameter sas_expiration_action

[yonzhan]

Thank you for your contribution! We will review the pull request and get back to you soon.

[github-actions]

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

[Copilot]

Pull Request Overview

This PR introduces a new parameter, --sas-expiration-action, to the storage account create/update commands to allow specifying the SAS expiration behavior. Key changes include updated tests to validate the new parameter, modifications in the account operations to enforce that --sas-expiration-action is specified only together with --sas-expiration-period, and updated CLI parameter definitions.

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.

File	Description
tests/latest/test_storage_account_scenarios.py	Added tests verifying behavior for the new SAS expiration action parameter including error conditions.
azure/cli/command_modules/storage/operations/account.py	Updated create and update functions to accept the new --sas-expiration-action parameter and enforce its correct usage.
azure/cli/command_modules/storage/_params.py	Registered the new CLI argument with an appropriate help message and type definition.

Comments suppressed due to low confidence (2)

src/azure-cli/azure/cli/command_modules/storage/operations/account.py:270

• Consider adding an inline comment here to clarify that providing --sas-expiration-action without --sas-expiration-period is invalid and will trigger an error.

        if sas_expiration_period is None and sas_expiration_action is not None:

src/azure-cli/azure/cli/command_modules/storage/operations/account.py:662

• Consider adding a comment explaining the fallback logic for sas_expiration_action (defaulting to 'Log' or using the existing instance value) to improve clarity for future maintainers.

        if sas_expiration_action is None: