forked from Azure/azure-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path_params.py
More file actions
2800 lines (2526 loc) · 202 KB
/
_params.py
File metadata and controls
2800 lines (2526 loc) · 202 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------
from azure.cli.core.profiles import ResourceType
from azure.cli.core.commands.validators import get_default_location_from_resource_group
from azure.cli.core.commands.parameters import (tags_type, file_type, get_location_type,
get_enum_type, get_three_state_flag, edge_zone_type)
from azure.cli.core.local_context import LocalContextAttribute, LocalContextAction, ALL
from ._validators import (get_datetime_type, validate_metadata, get_permission_validator, get_permission_help_string,
validate_entity, validate_select, validate_blob_type,
validate_included_datasets_validator, validate_custom_domain, validate_hns_migration_type,
validate_container_public_access,
add_progress_callback, process_resource_group,
storage_account_key_options, process_metric_update_namespace,
get_char_options_validator, validate_bypass, validate_encryption_source, validate_marker,
validate_storage_data_plane_list, validate_azcopy_sync_destination_path,
validate_azcopy_remove_arguments, as_user_validator, parse_storage_account,
validate_delete_retention_days, validate_container_delete_retention_days,
validate_file_delete_retention_days, validator_change_feed_retention_days,
validate_fs_public_access, validate_logging_version, validate_or_policy, validate_policy,
get_api_version_type, blob_download_file_path_validator, blob_tier_validator, validate_subnet,
validate_immutability_arguments, validate_blob_name_for_upload, validate_share_close_handle,
blob_tier_validator_track2, services_type_v2, resource_type_type_v2, PermissionScopeAddAction,
SshPublicKeyAddAction)
def load_arguments(self, _): # pylint: disable=too-many-locals, too-many-statements, too-many-lines, too-many-branches, line-too-long
from argcomplete.completers import FilesCompleter
from knack.arguments import ignore_type, CLIArgumentType
from azure.cli.core.commands.parameters import get_resource_name_completion_list
from .completers import get_storage_name_completion_list
t_base_blob_service = self.get_sdk('blob.baseblobservice#BaseBlobService')
t_file_service = self.get_sdk('file#FileService')
t_share_service = self.get_sdk('_share_service_client#ShareServiceClient',
resource_type=ResourceType.DATA_STORAGE_FILESHARE)
t_queue_service = self.get_sdk('_queue_service_client#QueueServiceClient',
resource_type=ResourceType.DATA_STORAGE_QUEUE)
t_table_service = self.get_sdk('_table_service_client#TableServiceClient',
resource_type=ResourceType.DATA_STORAGE_TABLE)
storage_account_type = CLIArgumentType(options_list='--storage-account',
help='The name or ID of the storage account.',
validator=parse_storage_account, id_part='name')
acct_name_type = CLIArgumentType(options_list=['--account-name', '-n'], help='The storage account name.',
id_part='name',
completer=get_resource_name_completion_list('Microsoft.Storage/storageAccounts'),
local_context_attribute=LocalContextAttribute(
name='storage_account_name', actions=[LocalContextAction.GET]))
blob_name_type = CLIArgumentType(options_list=['--blob-name', '-b'], help='The blob name.',
completer=get_storage_name_completion_list(t_base_blob_service, 'list_blobs',
parent='container_name'))
container_name_type = CLIArgumentType(options_list=['--container-name', '-c'], help='The container name.',
completer=get_storage_name_completion_list(t_base_blob_service,
'list_containers'))
directory_type = CLIArgumentType(options_list=['--directory-name', '-d'], help='The directory name.',
completer=get_storage_name_completion_list(t_file_service,
'list_directories_and_files',
parent='share_name'))
file_name_type = CLIArgumentType(options_list=['--file-name', '-f'],
completer=get_storage_name_completion_list(t_file_service,
'list_directories_and_files',
parent='share_name'))
share_name_type = CLIArgumentType(options_list=['--share-name', '-s'], help='The file share name.',
completer=get_storage_name_completion_list(t_share_service, 'list_shares'))
table_name_type = CLIArgumentType(options_list=['--table-name', '-t'], help='The table name.',
completer=get_storage_name_completion_list(t_table_service, 'list_tables'))
queue_name_type = CLIArgumentType(options_list=['--queue-name', '-q'], help='The queue name.',
completer=get_storage_name_completion_list(t_queue_service, 'list_queues'))
progress_type = CLIArgumentType(help='Include this flag to disable progress reporting for the command.',
action='store_true', validator=add_progress_callback)
large_file_share_type = CLIArgumentType(
action='store_true',
help='Enable the capability to support large file shares with more than 5 TiB capacity for storage account.'
'Once the property is enabled, the feature cannot be disabled. Currently only supported for LRS and '
'ZRS replication types, hence account conversions to geo-redundant accounts would not be possible. '
'For more information, please refer to https://go.microsoft.com/fwlink/?linkid=2086047.')
adds_type = CLIArgumentType(arg_type=get_three_state_flag(),
arg_group='Azure Files Identity Based Authentication',
help='Enable Azure Files Active Directory Domain Service Authentication for '
'storage account. When --enable-files-adds is set to true, Azure Active '
'Directory Properties arguments must be provided.')
aadkerb_type = CLIArgumentType(arg_type=get_three_state_flag(),
arg_group='Azure Files Identity Based Authentication',
help='Enable Azure Files Active Directory Domain Service Kerberos Authentication '
'for the storage account')
aadds_type = CLIArgumentType(arg_type=get_three_state_flag(),
arg_group='Azure Files Identity Based Authentication',
help='Enable Azure Active Directory Domain Services authentication for Azure Files')
domain_name_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the primary domain that the AD DNS server is authoritative for. "
"Required when --enable-files-adds is set to True")
net_bios_domain_name_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the NetBIOS domain name. "
"Required when --enable-files-adds is set to True")
forest_name_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the Active Directory forest to get. "
"Required when --enable-files-adds is set to True")
domain_guid_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the domain GUID. Required when --enable-files-adds is set to True")
domain_sid_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the security identifier (SID). Required when --enable-files-adds "
"is set to True")
azure_storage_sid_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the security identifier (SID) for Azure Storage. "
"Required when --enable-files-adds is set to True")
sam_account_name_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
help="Specify the Active Directory SAMAccountName for Azure Storage.")
t_account_type = self.get_models('AccountType', resource_type=ResourceType.MGMT_STORAGE)
account_type_type = CLIArgumentType(arg_group="Azure Active Directory Properties",
arg_type=get_enum_type(t_account_type),
help="Specify the Active Directory account type for Azure Storage.")
exclude_pattern_type = CLIArgumentType(arg_group='Additional Flags', help='Exclude these files where the name '
'matches the pattern list. For example: *.jpg;*.pdf;exactName. This '
'option supports wildcard characters (*)')
include_pattern_type = CLIArgumentType(arg_group='Additional Flags', help='Include only these files where the name '
'matches the pattern list. For example: *.jpg;*.pdf;exactName. This '
'option supports wildcard characters (*)')
exclude_path_type = CLIArgumentType(arg_group='Additional Flags', help='Exclude these paths. This option does not '
'support wildcard characters (*). Checks relative path prefix. For example: '
'myFolder;myFolder/subDirName/file.pdf.')
include_path_type = CLIArgumentType(arg_group='Additional Flags', help='Include only these paths. This option does '
'not support wildcard characters (*). Checks relative path prefix. For example:'
'myFolder;myFolder/subDirName/file.pdf')
recursive_type = CLIArgumentType(options_list=['--recursive', '-r'], action='store_true',
help='Look into sub-directories recursively.')
sas_help = 'The permissions the SAS grants. Allowed values: {}. Do not use if a stored access policy is ' \
'referenced with --id that specifies this value. Can be combined.'
t_routing_choice = self.get_models('RoutingChoice', resource_type=ResourceType.MGMT_STORAGE)
routing_choice_type = CLIArgumentType(
arg_group='Routing Preference', arg_type=get_enum_type(t_routing_choice),
help='Routing Choice defines the kind of network routing opted by the user.')
publish_microsoft_endpoints_type = CLIArgumentType(
arg_group='Routing Preference', arg_type=get_three_state_flag(),
help='A boolean flag which indicates whether microsoft routing storage endpoints are to be published.')
publish_internet_endpoints_type = CLIArgumentType(
arg_group='Routing Preference', arg_type=get_three_state_flag(),
help='A boolean flag which indicates whether internet routing storage endpoints are to be published.')
umask_type = CLIArgumentType(
help='When creating a file or directory and the parent folder does not have a default ACL, the umask restricts '
'the permissions of the file or directory to be created. The resulting permission is given by p & ^u, '
'where p is the permission and u is the umask. For more information, please refer to '
'https://learn.microsoft.com/azure/storage/blobs/data-lake-storage-access-control#umask.')
permissions_type = CLIArgumentType(
help='POSIX access permissions for the file owner, the file owning group, and others. Each class may be '
'granted read (4), write (2), or execute (1) permission. Both symbolic (rwxrw-rw-) and 4-digit octal '
'notation (e.g. 0766) are supported. The sticky bit is also supported and in symbolic notation, '
'its represented either by the letter t or T in the final character-place depending on whether '
'the execution bit for the others category is set or unset respectively (e.g. rwxrw-rw- with sticky bit '
'is represented as rwxrw-rwT. A rwxrw-rwx with sticky bit is represented as rwxrw-rwt), absence of t or T '
'indicates sticky bit not set. In 4-digit octal notation, its represented by 1st digit (e.g. 1766 '
'represents rwxrw-rw- with sticky bit and 0766 represents rwxrw-rw- without sticky bit). For more '
'information, please refer to '
'https://learn.microsoft.com/azure/storage/blobs/data-lake-storage-access-control#levels-of-permission.')
timeout_type = CLIArgumentType(
help='Request timeout in seconds. Applies to each call to the service.', type=int
)
marker_type = CLIArgumentType(
help='A string value that identifies the portion of the list of containers to be '
'returned with the next listing operation. The operation returns the NextMarker value within '
'the response body if the listing operation did not return all containers remaining to be listed '
'with the current page. If specified, this generator will begin returning results from the point '
'where the previous generator stopped.')
num_results_type = CLIArgumentType(
default=5000, validator=validate_storage_data_plane_list,
help='Specify the maximum number to return. If the request does not specify '
'num_results, or specifies a value greater than 5000, the server will return up to 5000 items. Note that '
'if the listing operation crosses a partition boundary, then the service will return a continuation token '
'for retrieving the remaining of the results. Provide "*" to return all.'
)
if_modified_since_type = CLIArgumentType(
help='Commence only if modified since supplied UTC datetime (Y-m-d\'T\'H:M\'Z\')',
type=get_datetime_type(False))
if_unmodified_since_type = CLIArgumentType(
help='Commence only if unmodified since supplied UTC datetime (Y-m-d\'T\'H:M\'Z\')',
type=get_datetime_type(False))
allow_shared_key_access_type = CLIArgumentType(
arg_type=get_three_state_flag(), options_list=['--allow-shared-key-access', '-k'],
help='Indicate whether the storage account permits requests to be authorized with the account access key via '
'Shared Key. If false, then all requests, including shared access signatures, must be authorized with '
'Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.')
sas_expiration_period_type = CLIArgumentType(
options_list=['--sas-expiration-period', '--sas-exp'],
help='Expiration period of the SAS Policy assigned to the storage account, DD.HH:MM:SS.'
)
t_expiration_action_type = self.get_models('ExpirationAction', resource_type=ResourceType.MGMT_STORAGE)
sas_expiration_action_type = CLIArgumentType(
arg_type=get_enum_type(t_expiration_action_type),
options_list=['--sas-expiration-action', '--sas-exp-action'],
help="The action to be performed when --sas-expiration-period is violated. The 'Log' action can be used "
"for audit purposes and the 'Block' action can be used to block and deny the usage of SAS tokens that "
"do not adhere to the sas policy expiration period. The default action is 'Log'."
)
key_expiration_period_in_days_type = CLIArgumentType(
options_list=['--key-expiration-period-in-days', '--key-exp-days'], type=int,
help='Expiration period in days of the Key Policy assigned to the storage account'
)
allow_cross_tenant_replication_type = CLIArgumentType(
arg_type=get_three_state_flag(), options_list=['--allow-cross-tenant-replication', '-r'],
help='Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing '
'accounts only if object replication policies will involve storage accounts in different AAD tenants. '
'If not specified, the default value is false for new accounts to follow best security practices.')
t_share_permission = self.get_models('DefaultSharePermission', resource_type=ResourceType.MGMT_STORAGE)
default_share_permission_type = CLIArgumentType(
options_list=['--default-share-permission', '-d'],
arg_type=get_enum_type(t_share_permission),
arg_group='Azure Files Identity Based Authentication',
help='Default share permission for users using Kerberos authentication if RBAC role is not assigned.')
t_blob_tier = self.get_sdk('_generated.models._azure_blob_storage_enums#AccessTierOptional',
resource_type=ResourceType.DATA_STORAGE_BLOB)
t_rehydrate_priority = self.get_sdk('_generated.models._azure_blob_storage_enums#RehydratePriority',
resource_type=ResourceType.DATA_STORAGE_BLOB)
tier_type = CLIArgumentType(
arg_type=get_enum_type(t_blob_tier),
help='The tier value to set the blob to. For page blob, the tier correlates to the size of the blob '
'and number of allowed IOPS. Possible values are P10, P15, P20, P30, P4, P40, P50, P6, P60, P70, P80 '
'and this is only applicable to page blobs on premium storage accounts; For block blob, possible '
'values are Archive, Cold, Cool, and Hot. This is only applicable to block blobs on standard '
'storage accounts.'
)
rehydrate_priority_type = CLIArgumentType(
arg_type=get_enum_type(t_rehydrate_priority), options_list=('--rehydrate-priority', '-r'),
help='Indicate the priority with which to rehydrate an archived blob.')
action_type = CLIArgumentType(
help='The action of virtual network rule. Possible value is Allow.'
)
immutability_period_since_creation_in_days_type = CLIArgumentType(
options_list=['--immutability-period-in-days', '--immutability-period'],
help='The immutability period for the blobs in the container since the policy creation, in days.'
)
account_immutability_policy_state_enum = self.get_sdk(
'models._storage_management_client_enums#AccountImmutabilityPolicyState',
resource_type=ResourceType.MGMT_STORAGE)
immutability_policy_state_type = CLIArgumentType(
arg_type=get_enum_type(account_immutability_policy_state_enum),
options_list='--immutability-state',
help='Defines the mode of the policy. Disabled state disables the policy, '
'Unlocked state allows increase and decrease of immutability retention time '
'and also allows toggling allow-protected-append-write property, '
'Locked state only allows the increase of the immutability retention time. '
'A policy can only be created in a Disabled or Unlocked state and can be toggled between the '
'two states. Only a policy in an Unlocked state can transition to a Locked state which cannot '
'be reverted.')
public_network_access_enum = self.get_sdk('models._storage_management_client_enums#PublicNetworkAccess',
resource_type=ResourceType.MGMT_STORAGE)
version_id_type = CLIArgumentType(
help='An optional blob version ID. This parameter is only for versioning enabled account. ',
is_preview=True
)
with self.argument_context('storage') as c:
c.argument('container_name', container_name_type)
c.argument('directory_name', directory_type)
c.argument('share_name', share_name_type)
c.argument('table_name', table_name_type)
c.argument('retry_wait', options_list=('--retry-interval',))
c.ignore('progress_callback')
c.argument('metadata', nargs='+',
help='Metadata in space-separated key=value pairs. This overwrites any existing metadata.',
validator=validate_metadata)
c.argument('timeout', help='Request timeout in seconds. Applies to each call to the service.', type=int)
with self.argument_context('storage', arg_group='Precondition') as c:
c.argument('if_modified_since', if_modified_since_type)
c.argument('if_unmodified_since', if_unmodified_since_type)
c.argument('if_match')
c.argument('if_none_match')
for item in ['delete', 'show', 'update', 'show-connection-string', 'keys', 'network-rule', 'revoke-delegation-keys', 'failover', 'hns-migration']: # pylint: disable=line-too-long
with self.argument_context('storage account {}'.format(item)) as c:
c.argument('account_name', acct_name_type, options_list=['--name', '-n'])
c.argument('resource_group_name', required=False, validator=process_resource_group)
with self.argument_context('storage account blob-inventory-policy') as c:
c.ignore('blob_inventory_policy_name')
c.argument('resource_group_name', required=False, validator=process_resource_group)
c.argument('account_name',
help='The name of the storage account within the specified resource group. Storage account names '
'must be between 3 and 24 characters in length and use numbers and lower-case letters only.')
with self.argument_context('storage account blob-inventory-policy create') as c:
c.argument('policy', type=file_type, completer=FilesCompleter(),
help='The Storage Account Blob Inventory Policy, string in JSON format or json file path. See more '
'details in https://learn.microsoft.com/azure/storage/blobs/blob-inventory#inventory-policy.')
with self.argument_context('storage account check-name') as c:
c.argument('name', options_list=['--name', '-n'],
help='The name of the storage account within the specified resource group')
with self.argument_context('storage account failover') as c:
c.argument('failover_type', options_list=['--failover-type', '--type'], is_preview=True, default=None,
help="The parameter is set to 'Planned' to indicate whether a Planned failover is requested")
c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
with self.argument_context('storage account delete') as c:
c.argument('account_name', acct_name_type, options_list=['--name', '-n'], local_context_attribute=None)
with self.argument_context('storage account create', resource_type=ResourceType.MGMT_STORAGE) as c:
t_account_type, t_sku_name, t_kind, t_tls_version, t_dns_endpoint_type = \
self.get_models('AccountType', 'SkuName', 'Kind', 'MinimumTlsVersion', 'DnsEndpointType',
resource_type=ResourceType.MGMT_STORAGE)
t_identity_type = self.get_models('IdentityType', resource_type=ResourceType.MGMT_STORAGE)
c.register_common_storage_account_options()
c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group)
c.argument('account_type', help='The storage account type', arg_type=get_enum_type(t_account_type))
c.argument('account_name', acct_name_type, options_list=['--name', '-n'], completer=None,
local_context_attribute=LocalContextAttribute(
name='storage_account_name', actions=[LocalContextAction.SET], scopes=[ALL]))
c.argument('kind', help='Indicate the type of storage account.',
arg_type=get_enum_type(t_kind),
default='StorageV2' if self.cli_ctx.cloud.profile == 'latest' else 'Storage')
c.argument('https_only', arg_type=get_three_state_flag(),
help='Allow https traffic only to storage service if set to true. The default value is true.')
c.argument('tags', tags_type)
c.argument('custom_domain', help='User domain assigned to the storage account. Name is the CNAME source.')
c.argument('sku', help='The storage account SKU.', arg_type=get_enum_type(t_sku_name, default='standard_ragrs'))
c.argument('enable_sftp', arg_type=get_three_state_flag(),
help='Enable Secure File Transfer Protocol.')
c.argument('enable_local_user', arg_type=get_three_state_flag(),
help='Enable local user features.')
c.argument('enable_files_aadds', aadds_type)
c.argument('enable_files_adds', adds_type)
c.argument('enable_files_aadkerb', aadkerb_type)
c.argument('enable_large_file_share', arg_type=large_file_share_type)
c.argument('domain_name', domain_name_type)
c.argument('net_bios_domain_name', net_bios_domain_name_type)
c.argument('forest_name', forest_name_type)
c.argument('domain_guid', domain_guid_type)
c.argument('domain_sid', domain_sid_type)
c.argument('azure_storage_sid', azure_storage_sid_type)
c.argument('sam_account_name', sam_account_name_type)
c.argument('account_type', account_type_type)
c.argument('enable_hierarchical_namespace', arg_type=get_three_state_flag(),
options_list=['--enable-hierarchical-namespace', '--hns',
c.deprecate(target='--hierarchical-namespace', redirect='--hns', hide=True)],
help=" Allow the blob service to exhibit filesystem semantics. This property can be enabled only "
"when storage account kind is StorageV2.")
c.argument('encryption_key_type_for_table', arg_type=get_enum_type(['Account', 'Service']),
help='Set the encryption key type for Table service. "Account": Table will be encrypted '
'with account-scoped encryption key. "Service": Table will always be encrypted with '
'service-scoped keys. Currently the default encryption key type is "Service".',
options_list=['--encryption-key-type-for-table', '-t'])
c.argument('encryption_key_type_for_queue', arg_type=get_enum_type(['Account', 'Service']),
help='Set the encryption key type for Queue service. "Account": Queue will be encrypted '
'with account-scoped encryption key. "Service": Queue will always be encrypted with '
'service-scoped keys. Currently the default encryption key type is "Service".',
options_list=['--encryption-key-type-for-queue', '-q'])
c.argument('routing_choice', routing_choice_type)
c.argument('publish_microsoft_endpoints', publish_microsoft_endpoints_type)
c.argument('publish_internet_endpoints', publish_internet_endpoints_type)
c.argument('require_infrastructure_encryption', options_list=['--require-infrastructure-encryption', '-i'],
arg_type=get_three_state_flag(),
help='A boolean indicating whether or not the service applies a secondary layer of encryption with '
'platform managed keys for data at rest.')
c.argument('allow_blob_public_access', arg_type=get_three_state_flag(),
help='Allow or disallow public access to all blobs or containers in the storage account. '
'If not specified, the default value is false for new accounts to follow best security practices. '
'When true, containers in the account may '
'be configured for public access. Note that setting this property to true does '
'not enable anonymous access to any data in the account. The additional step of configuring the '
'public access setting for a container is required to enable anonymous access.')
c.argument('min_tls_version', arg_type=get_enum_type(t_tls_version),
help='The minimum TLS version to be permitted on requests to storage. '
'While the default setting is TLS 1.0 for this property, '
'Microsoft recommends setting MinimumTlsVersion to 1.2 or above.')
c.argument('allow_shared_key_access', allow_shared_key_access_type)
c.argument('edge_zone', edge_zone_type)
c.argument('identity_type', arg_type=get_enum_type(t_identity_type), arg_group='Identity',
help='The identity type.')
c.argument('user_identity_id', arg_group='Identity',
help='The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is '
'permitted here.')
c.argument('key_expiration_period_in_days', key_expiration_period_in_days_type, is_preview=True)
c.argument('sas_expiration_period', sas_expiration_period_type)
c.argument('sas_expiration_action', sas_expiration_action_type)
c.argument('allow_cross_tenant_replication', allow_cross_tenant_replication_type)
c.argument('default_share_permission', default_share_permission_type)
c.argument('enable_nfs_v3', arg_type=get_three_state_flag(),
help='NFS 3.0 protocol support enabled if sets to true.')
c.argument('enable_alw', arg_type=get_three_state_flag(),
help='The account level immutability property. The property is immutable and can only be set to true'
' at the account creation time. When set to true, it enables object level immutability for all '
'the containers in the account by default.',
arg_group='Account Level Immutability',
validator=validate_immutability_arguments)
c.argument('immutability_period_since_creation_in_days',
arg_type=immutability_period_since_creation_in_days_type,
arg_group='Account Level Immutability',
validator=validate_immutability_arguments)
c.argument('immutability_policy_state', arg_type=immutability_policy_state_type,
arg_group='Account Level Immutability',
validator=validate_immutability_arguments)
c.argument('allow_protected_append_writes', arg_type=get_three_state_flag(),
options_list=['--allow-protected-append-writes', '--allow-append', '-w'],
help='This property can only be changed for disabled and unlocked time-based retention policies. '
'When enabled, new blocks can be written to an append blob while maintaining immutability '
'protection and compliance. Only new blocks can be added and any existing blocks cannot be '
'modified or deleted.',
arg_group='Account Level Immutability',
validator=validate_immutability_arguments)
c.argument('public_network_access', arg_type=get_enum_type(public_network_access_enum),
help='Enable or disable public network access to the storage account. '
'Possible values include: `Enabled` or `Disabled`.')
c.argument('dns_endpoint_type', arg_type=get_enum_type(t_dns_endpoint_type),
options_list=['--dns-endpoint-type', '--endpoint'],
help='Allow you to specify the type of endpoint. Set this to AzureDNSZone to create a large number '
'of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the '
'endpoint URL will have an alphanumeric DNS Zone identifier.')
c.argument('enable_smb_oauth', arg_type=get_three_state_flag(),
arg_group='Azure Files Identity Based Authentication',
help='Specifies if managed identities can access SMB shares using OAuth. '
'The default interpretation is false for this property.')
with self.argument_context('storage account private-endpoint-connection',
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('private_endpoint_connection_name', options_list=['--name', '-n'],
help='The name of the private endpoint connection associated with the Storage Account.')
for item in ['approve', 'reject', 'show', 'delete']:
with self.argument_context('storage account private-endpoint-connection {}'.format(item),
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('private_endpoint_connection_name', options_list=['--name', '-n'], required=False,
help='The name of the private endpoint connection associated with the Storage Account.')
c.extra('connection_id', options_list=['--id'],
help='The ID of the private endpoint connection associated with the Storage Account. You can get '
'it using `az storage account show`.')
c.argument('account_name', help='The storage account name.', required=False)
c.argument('resource_group_name', help='The resource group name of specified storage account.',
required=False)
c.argument('description', help='Comments for {} operation.'.format(item))
with self.argument_context('storage account update', resource_type=ResourceType.MGMT_STORAGE) as c:
t_tls_version = self.get_models('MinimumTlsVersion', resource_type=ResourceType.MGMT_STORAGE)
t_identity_type = self.get_models('IdentityType', resource_type=ResourceType.MGMT_STORAGE)
c.register_common_storage_account_options()
c.argument('sku', arg_type=get_enum_type(t_sku_name),
help='Note that the SKU name cannot be updated to Standard_ZRS, Premium_LRS or Premium_ZRS, '
'nor can accounts of those SKU names be updated to any other value')
c.argument('custom_domain',
help='User domain assigned to the storage account. Name is the CNAME source. Use "" to clear '
'existing value.',
validator=validate_custom_domain)
c.argument('use_subdomain', help='Specify whether to use indirect CNAME validation.',
arg_type=get_enum_type(['true', 'false']))
c.argument('tags', tags_type, default=None)
c.argument('enable_sftp', arg_type=get_three_state_flag(),
help='Enable Secure File Transfer Protocol.')
c.argument('enable_local_user', arg_type=get_three_state_flag(),
help='Enable local user features.')
c.argument('enable_files_aadds', aadds_type)
c.argument('enable_files_adds', adds_type)
c.argument('enable_files_aadkerb', aadkerb_type)
c.argument('enable_large_file_share', arg_type=large_file_share_type)
c.argument('domain_name', domain_name_type)
c.argument('net_bios_domain_name', net_bios_domain_name_type)
c.argument('forest_name', forest_name_type)
c.argument('domain_guid', domain_guid_type)
c.argument('domain_sid', domain_sid_type)
c.argument('azure_storage_sid', azure_storage_sid_type)
c.argument('sam_account_name', sam_account_name_type)
c.argument('account_type', account_type_type)
c.argument('routing_choice', routing_choice_type)
c.argument('publish_microsoft_endpoints', publish_microsoft_endpoints_type)
c.argument('publish_internet_endpoints', publish_internet_endpoints_type)
c.argument('allow_blob_public_access', arg_type=get_three_state_flag(),
help='Allow or disallow public access to all blobs or containers in the storage account. '
'If not specified, the default value is false for new account to follow best security practices. '
'When true, containers '
'in the account may be configured for public access. Note that setting this property to true does '
'not enable anonymous access to any data in the account. The additional step of configuring the '
'public access setting for a container is required to enable anonymous access.')
c.argument('min_tls_version', arg_type=get_enum_type(t_tls_version),
help='The minimum TLS version to be permitted on requests to storage. '
'While the default setting is TLS 1.0 for this property, '
'Microsoft recommends setting MinimumTlsVersion to 1.2 or above.')
c.argument('allow_shared_key_access', allow_shared_key_access_type)
c.argument('identity_type', arg_type=get_enum_type(t_identity_type), arg_group='Identity',
help='The identity type.')
c.argument('user_identity_id', arg_group='Identity',
help='The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is '
'permitted here.')
c.argument('key_expiration_period_in_days', key_expiration_period_in_days_type, is_preview=True)
c.argument('sas_expiration_period', sas_expiration_period_type)
c.argument('sas_expiration_action', sas_expiration_action_type)
c.argument('allow_cross_tenant_replication', allow_cross_tenant_replication_type)
c.argument('default_share_permission', default_share_permission_type)
c.argument('immutability_period_since_creation_in_days',
arg_type=immutability_period_since_creation_in_days_type,
arg_group='Account Level Immutability')
c.argument('immutability_policy_state', arg_type=immutability_policy_state_type,
arg_group='Account Level Immutability')
c.argument('allow_protected_append_writes', arg_type=get_three_state_flag(),
options_list=['--allow-protected-append-writes', '--allow-append', '-w'],
help='This property can only be changed for disabled and unlocked time-based retention policies. '
'When enabled, new blocks can be written to an append blob while maintaining immutability '
'protection and compliance. Only new blocks can be added and any existing blocks cannot be '
'modified or deleted.',
arg_group='Account Level Immutability')
c.argument('public_network_access', arg_type=get_enum_type(public_network_access_enum),
help='Enable or disable public network access to the storage account. '
'Possible values include: `Enabled` or `Disabled`.')
c.argument('upgrade_to_storagev2', arg_type=get_three_state_flag(),
help='Upgrade Storage Account Kind to StorageV2.')
c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
c.argument('enable_smb_oauth', arg_type=get_three_state_flag(),
arg_group='Azure Files Identity Based Authentication',
help='Specifies if managed identities can access SMB shares using OAuth. ')
for scope in ['storage account create', 'storage account update']:
with self.argument_context(scope, arg_group='Customer managed key',
resource_type=ResourceType.MGMT_STORAGE) as c:
t_key_source = self.get_models('KeySource', resource_type=ResourceType.MGMT_STORAGE)
c.argument('encryption_key_name', help='The name of the KeyVault key.', )
c.argument('encryption_key_vault', help='The Uri of the KeyVault.')
c.argument('encryption_key_version',
help='The version of the KeyVault key to use, which will opt out of implicit key rotation. '
'Please use "" to opt in key auto-rotation again.')
c.argument('encryption_key_source',
arg_type=get_enum_type(t_key_source),
help='The default encryption key source',
validator=validate_encryption_source)
c.argument('key_vault_user_identity_id', options_list=['--key-vault-user-identity-id', '-u'],
help='Resource identifier of the UserAssigned identity to be associated with server-side '
'encryption on the storage account.')
c.argument('federated_identity_client_id', options_list=['--key-vault-federated-client-id', '-f'],
help='ClientId of the multi-tenant application to be used '
'in conjunction with the user-assigned identity for '
'cross-tenant customer-managed-keys server-side encryption on the storage account.')
for scope in ['storage account create', 'storage account update']:
with self.argument_context(scope, resource_type=ResourceType.MGMT_STORAGE,
arg_group='Network Rule') as c:
t_bypass, t_default_action = self.get_models('Bypass', 'DefaultAction',
resource_type=ResourceType.MGMT_STORAGE)
c.argument('bypass', nargs='+', validator=validate_bypass, arg_type=get_enum_type(t_bypass),
help='Bypass traffic for space-separated uses.')
c.argument('default_action', arg_type=get_enum_type(t_default_action),
help='Default action to apply when no rule matches.')
c.argument('subnet', help='Name or ID of subnet. If name is supplied, `--vnet-name` must be supplied.')
c.argument('vnet_name', help='Name of a virtual network.', validator=validate_subnet)
c.argument('action', action_type)
with self.argument_context('storage account show-connection-string') as c:
from ._validators import validate_key_name
c.argument('protocol', help='The default endpoint protocol.', arg_type=get_enum_type(['http', 'https']))
c.argument('sas_token', help='The SAS token to be used in the connection-string.')
c.argument('key_name', options_list=['--key'], help='The key to use.', validator=validate_key_name,
arg_type=get_enum_type(list(storage_account_key_options.keys())))
for item in ['blob', 'file', 'queue', 'table']:
c.argument('{}_endpoint'.format(item), help='Custom endpoint for {}s.'.format(item))
with self.argument_context('storage account encryption-scope') as c:
c.argument('account_name', help='The storage account name.')
c.argument('resource_group_name', validator=process_resource_group, required=False)
c.argument('encryption_scope_name', options_list=['--name', '-n'],
help='The name of the encryption scope within the specified storage account.')
for scope in ['storage account encryption-scope create', 'storage account encryption-scope update']:
with self.argument_context(scope, resource_type=ResourceType.MGMT_STORAGE) as c:
from ._validators import validate_encryption_key
t_encryption_key_source = self.get_models('EncryptionScopeSource', resource_type=ResourceType.MGMT_STORAGE)
c.argument('key_source', options_list=['-s', '--key-source'],
arg_type=get_enum_type(t_encryption_key_source, default="Microsoft.Storage"),
help='The provider for the encryption scope.', validator=validate_encryption_key)
c.argument('key_uri', options_list=['-u', '--key-uri'],
help='The object identifier for a key vault key object. When applied, the encryption scope will '
'use the key referenced by the identifier to enable customer-managed key support on this '
'encryption scope.')
c.argument('require_infrastructure_encryption', options_list=['--require-infrastructure-encryption', '-i'],
arg_type=get_three_state_flag(),
help='A boolean indicating whether or not the service applies a secondary layer of encryption '
'with platform managed keys for data at rest.')
with self.argument_context('storage account encryption-scope update') as c:
t_state = self.get_models("EncryptionScopeState", resource_type=ResourceType.MGMT_STORAGE)
c.argument('key_source', options_list=['-s', '--key-source'],
arg_type=get_enum_type(t_encryption_key_source),
help='The provider for the encryption scope.', validator=validate_encryption_key)
c.argument('state', arg_type=get_enum_type(t_state),
help='Change the state the encryption scope. When disabled, '
'all blob read/write operations using this encryption scope will fail.')
with self.argument_context('storage account encryption-scope list') as c:
t_encryption_scope_include = self.get_models("ListEncryptionScopesInclude",
resource_type=ResourceType.MGMT_STORAGE)
c.argument('filter', help='When specified, only encryption scope names starting with the filter will be listed')
c.argument('include', arg_type=get_enum_type(t_encryption_scope_include),
help='when specified, will list encryption scopes with the specific state')
c.argument('maxpagesize', type=int,
help='the maximum number of encryption scopes that will be included in the list response')
c.argument('marker', arg_type=marker_type)
with self.argument_context('storage account keys list', resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument("expand", options_list=['--expand-key-type'], help='Specify the expanded key types to be listed.',
arg_type=get_enum_type(['kerb']), is_preview=True)
with self.argument_context('storage account keys renew', resource_type=ResourceType.MGMT_STORAGE) as c:
from ._validators import validate_key_name
c.argument('key_name', options_list=['--key'], help='The key options to regenerate.',
validator=validate_key_name,
arg_type=get_enum_type(list(storage_account_key_options.keys())))
c.extra('key_type', help='The key type to regenerate. If --key-type is not specified, one of access keys will '
'be regenerated by default.', arg_type=get_enum_type(['kerb']))
c.argument('account_name', acct_name_type, id_part=None)
with self.argument_context('storage account management-policy create') as c:
c.argument('policy', type=file_type, completer=FilesCompleter(),
help='The Storage Account ManagementPolicies Rules, in JSON format. See more details in: '
'https://learn.microsoft.com/azure/storage/common/storage-lifecycle-managment-concepts.')
for item in ['create', 'update', 'show', 'delete']:
with self.argument_context('storage account management-policy {}'.format(item)) as c:
c.argument('account_name', help='The name of the storage account within the specified resource group.')
with self.argument_context('storage account keys list') as c:
c.argument('account_name', acct_name_type, id_part=None)
with self.argument_context('storage account network-rule', resource_type=ResourceType.MGMT_STORAGE) as c:
from ._validators import validate_ip_address
c.argument('account_name', acct_name_type, id_part=None)
c.argument('ip_address', nargs='*', help='IPv4 address or CIDR range. Can supply a list: --ip-address ip1 '
'[ip2]...', validator=validate_ip_address)
c.argument('subnet', help='Name or ID of subnet. If name is supplied, `--vnet-name` must be supplied.')
c.argument('vnet_name', help='Name of a virtual network.', validator=validate_subnet)
c.argument('action', action_type)
c.argument('resource_id', help='The resource id to add in network rule.', arg_group='Resource Access Rule')
c.argument('tenant_id', help='The tenant id to add in network rule.', arg_group='Resource Access Rule')
with self.argument_context('storage account blob-service-properties',
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('account_name', acct_name_type, id_part=None)
c.argument('resource_group_name', required=False, validator=process_resource_group)
with self.argument_context('storage account blob-service-properties update',
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('account_name', acct_name_type, id_part=None)
c.argument('resource_group_name', required=False, validator=process_resource_group)
c.argument('enable_change_feed', arg_type=get_three_state_flag(),
arg_group='Change Feed Policy')
c.argument('change_feed_retention_days', is_preview=True,
options_list=['--change-feed-retention-days', '--change-feed-days'],
type=int, arg_group='Change Feed Policy',
validator=validator_change_feed_retention_days,
help='Indicate the duration of changeFeed retention in days. '
'Minimum value is 1 day and maximum value is 146000 days (400 years). '
'A null value indicates an infinite retention of the change feed.'
'(Use `--enable-change-feed` without `--change-feed-days` to indicate null)')
c.argument('enable_container_delete_retention',
arg_type=get_three_state_flag(),
options_list=['--enable-container-delete-retention', '--container-retention'],
arg_group='Container Delete Retention Policy',
help='Enable container delete retention policy for container soft delete when set to true. '
'Disable container delete retention policy when set to false.')
c.argument('container_delete_retention_days',
options_list=['--container-delete-retention-days', '--container-days'],
type=int, arg_group='Container Delete Retention Policy',
validator=validate_container_delete_retention_days,
help='Indicate the number of days that the deleted container should be retained. The minimum '
'specified value can be 1 and the maximum value can be 365.')
c.argument('enable_delete_retention', arg_type=get_three_state_flag(), arg_group='Delete Retention Policy')
c.argument('delete_retention_days', type=int, arg_group='Delete Retention Policy',
validator=validate_delete_retention_days)
c.argument('enable_restore_policy', arg_type=get_three_state_flag(), arg_group='Restore Policy',
help="Enable blob restore policy when it set to true.")
c.argument('restore_days', type=int, arg_group='Restore Policy',
help="The number of days for the blob can be restored. It should be greater "
"than zero and less than Delete Retention Days.")
c.argument('enable_versioning', arg_type=get_three_state_flag(), help='Versioning is enabled if set to true.')
c.argument('default_service_version', options_list=['--default-service-version', '-d'],
type=get_api_version_type(),
help="Indicate the default version to use for requests to the Blob service if an incoming request's "
"version is not specified.")
c.argument('enable_last_access_tracking', arg_type=get_three_state_flag(),
options_list=['--enable-last-access-tracking', '-t'],
help='When set to true last access time based tracking policy is enabled.')
with self.argument_context('storage account blob-service-properties cors-rule',
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('max_age_in_seconds', options_list=['--max-age', '--max-age-in-seconds'], type=int,
help='The number of seconds that the client/browser should cache a preflight response')
c.argument('allowed_origins', nargs='+', options_list=['--origins', '--allowed-origins'],
help='Space-separated list of origin domains that will be allowed via CORS,'
' or "*" to allow all domains')
c.argument('allowed_methods', nargs='+', options_list=['--methods', '--allowed-methods'],
help='Space-separated list of HTTP verbs (methods) allowed to be executed by the origin')
c.argument('allowed_headers', nargs='+',
help='Space-separated list of headers allowed to be part of the cross-origin request')
c.argument('exposed_headers', nargs='+',
help='Space-separated list of response headers to expose to CORS clients')
with self.argument_context('storage account file-service-properties show',
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('account_name', acct_name_type, id_part=None)
c.argument('resource_group_name', required=False, validator=process_resource_group)
with self.argument_context('storage account file-service-properties update',
resource_type=ResourceType.MGMT_STORAGE) as c:
c.argument('account_name', acct_name_type, id_part=None)
c.argument('resource_group_name', required=False, validator=process_resource_group)
c.argument('enable_delete_retention', arg_type=get_three_state_flag(), arg_group='Delete Retention Policy',
help='Enable file service properties for share soft delete.')
c.argument('delete_retention_days', type=int, arg_group='Delete Retention Policy',
validator=validate_file_delete_retention_days,
help='Indicate the number of days that the deleted item should be retained. The minimum specified '
'value can be 1 and the maximum value can be 365.')
c.argument('enable_smb_multichannel', options_list=['--enable-smb-multichannel', '--mc'],
arg_type=get_three_state_flag(), arg_group='SMB Setting',
help='Set SMB Multichannel setting for file service. Applies to Premium FileStorage only.')
c.argument('versions', arg_group='SMB Setting',
help="SMB protocol versions supported by server. Valid values are SMB2.1, SMB3.0, "
"SMB3.1.1. Should be passed as a string with delimiter ';'.")
c.argument('authentication_methods', options_list='--auth-methods', arg_group='SMB Setting',
help="SMB authentication methods supported by server. Valid values are NTLMv2, Kerberos. "
"Should be passed as a string with delimiter ';'.")
c.argument('kerberos_ticket_encryption', options_list=['--kerb-ticket-encryption', '-k'],
arg_group='SMB Setting',
help="Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256. "
"Should be passed as a string with delimiter ';'.")
c.argument('channel_encryption', arg_group='SMB Setting',
help="SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, "
"AES-256-GCM. Should be passed as a string with delimiter ';' ")
with self.argument_context('storage account generate-sas', resource_type=ResourceType.DATA_STORAGE_BLOB) as c:
t_account_permissions = self.get_sdk('_shared.models#AccountSasPermissions',
resource_type=ResourceType.DATA_STORAGE_BLOB)
c.register_sas_arguments()
c.argument('services', type=services_type_v2())
c.argument('resource_types', type=resource_type_type_v2(self))
c.argument('expiry', type=get_datetime_type(True))
c.argument('start', type=get_datetime_type(True))
c.argument('account_name', acct_name_type, options_list=['--account-name'])
c.argument('permission', options_list=('--permissions',),
help='The permissions the SAS grants. Allowed values: {}. Can be combined.'.format(
get_permission_help_string(t_account_permissions)),
validator=get_permission_validator(t_account_permissions))
c.extra('encryption_scope', help='A predefined encryption scope used to encrypt the data on the service.')
c.ignore('sas_token')
or_policy_type = CLIArgumentType(
options_list=['--policy', '-p'],
help='The object replication policy definition between two storage accounts, in JSON format. '
'Multiple rules can be defined in one policy.'
)
policy_id_type = CLIArgumentType(
options_list=['--policy-id'],
help='The ID of object replication policy or "default" if the policy ID is unknown. Policy Id will be '
'auto-generated when setting on destination account. Required when setting on source account.'
)
rule_id_type = CLIArgumentType(
options_list=['--rule-id', '-r'],
help='Rule Id is auto-generated for each new rule on destination account. It is required '
'for put policy on source account.'
)
prefix_math_type = CLIArgumentType(
nargs='+', arg_group='Filters', options_list=['--prefix-match', '--prefix'],
help='Optional. Filter the results to replicate only blobs whose names begin with the specified '
'prefix.'
)
min_creation_time_type = CLIArgumentType(
options_list=['--min-creation-time', '-t'], arg_group='Filters', type=get_datetime_type(True),
help="Blobs created after the time will be replicated to the destination. It must be in datetime format "
"'yyyy-MM-ddTHH:mm:ssZ'. Example: 2020-02-19T16:05:00Z")
with self.argument_context('storage account or-policy') as c:
c.argument('account_name', acct_name_type, id_part=None)
c.argument('resource_group_name', required=False, validator=process_resource_group)
c.argument('object_replication_policy_id', policy_id_type)
c.argument('policy_id', policy_id_type)
c.argument('source_account', options_list=['--source-account', '-s'],
help='The source storage account name or resource Id. Required when no --policy provided.')
c.argument('destination_account', options_list=['--destination-account', '-d'],
help='The destination storage account name or resource Id. Apply --account-name value as '
'destination account when there is no destination account provided in --policy and '
'--destination-account.')
c.argument('properties', or_policy_type, validator=validate_or_policy)
c.argument('prefix_match', prefix_math_type)
c.argument('min_creation_time', min_creation_time_type)
c.argument('enable_metrics', arg_type=get_three_state_flag(),
help='Indicates whether object replication metrics feature is enabled for the policy.')
for item in ['create', 'update']:
with self.argument_context('storage account or-policy {}'.format(item),
arg_group="Object Replication Policy Rule") as c:
c.argument('rule_id', help='Rule Id is auto-generated for each new rule on destination account. It is '
'required for put policy on source account.')
c.argument('source_container', options_list=['--source-container', '--scont'],
help='The source storage container name. Required when no --policy provided.')
c.argument('destination_container', options_list=['--destination-container', '--dcont'],
help='The destination storage container name. Required when no --policy provided.')
with self.argument_context('storage account or-policy rule') as c:
c.argument('policy_id', policy_id_type)
c.argument('source_container', options_list=['--source-container', '-s'],
help='The source storage container name.')
c.argument('destination_container', options_list=['--destination-container', '-d'],
help='The destination storage container name.')
c.argument('rule_id', rule_id_type)
with self.argument_context('storage account hns-migration start') as c:
c.argument('request_type', options_list=['--type', '--request-type'],
arg_type=get_enum_type(['validation', 'upgrade']), validator=validate_hns_migration_type,
help='Start a validation request for migration or start a migration request')
with self.argument_context('storage account local-user') as c:
c.argument('account_name', acct_name_type, options_list='--account-name', id_part=None)
c.argument('username', options_list=['--user-name', '--name', '-n'],
help='The name of local user. The username must contain lowercase letters and numbers '
'only. It must be unique only within the storage account.')
for item in ['create', 'update']:
with self.argument_context(f'storage account local-user {item}') as c:
c.argument('permission_scope', nargs='+', action=PermissionScopeAddAction,
help='The permission scope argument list which includes the permissions, service, '
'and resource_name.'
'The permissions can be a combination of the below possible values: '
'Read(r), Write (w), Delete (d), List (l), and Create (c). '
'The service has possible values: blob, file. '
'The resource-name is the container name or the file share name. '
'Example: --permission-scope permissions=r service=blob resource-name=container1'
'Can specify multiple permission scopes: '
'--permission-scope permissions=rw service=blob resource-name=container1'
'--permission-scope permissions=rwd service=file resource-name=share2')
c.argument('home_directory', help='The home directory.')
c.argument('ssh_authorized_key', nargs='+', action=SshPublicKeyAddAction,
help='SSH authorized keys for SFTP. Includes an optional description and key. '
'The key is the base64 encoded SSH public key , with format: '
'`<keyType> <keyData>` e.g. ssh-rsa AAAABBBB.'
'Example: --ssh_authorized_key description=description key="ssh-rsa AAAABBBB"'
'or --ssh_authorized_key key="ssh-rsa AAAABBBB"')
c.argument('has_shared_key', arg_type=get_three_state_flag(),
help='Indicates whether shared key exists. Set it to false to remove existing shared key.')
c.argument('has_ssh_key', arg_type=get_three_state_flag(),
help='Indicates whether ssh key exists. Set it to false to remove existing SSH key.')
c.argument('has_ssh_password', arg_type=get_three_state_flag(),
help='Indicates whether ssh password exists. Set it to false to remove existing SSH password.')
for item in ['show', 'off']:
with self.argument_context('storage logging {}'.format(item)) as c:
c.extra('services', validator=get_char_options_validator('bqt', 'services'), default='bqt')
with self.argument_context('storage logging update') as c:
c.extra('services', validator=get_char_options_validator('bqt', 'services'), options_list='--services',
required=True)
c.argument('log', validator=get_char_options_validator('rwd', 'log'))
c.argument('retention', type=int)
c.argument('version', type=float, validator=validate_logging_version)
with self.argument_context('storage metrics show') as c:
c.extra('services', validator=get_char_options_validator('bfqt', 'services'), default='bfqt')
c.argument('interval', arg_type=get_enum_type(['hour', 'minute', 'both']))
with self.argument_context('storage metrics update') as c:
c.extra('services', validator=get_char_options_validator('bfqt', 'services'), options_list='--services',
required=True)
c.argument('hour', validator=process_metric_update_namespace, arg_type=get_enum_type(['true', 'false']))
c.argument('minute', arg_type=get_enum_type(['true', 'false']))
c.argument('api', arg_type=get_enum_type(['true', 'false']))
c.argument('retention', type=int)
with self.argument_context('storage blob') as c:
c.argument('blob_name', options_list=('--name', '-n'), arg_type=blob_name_type)
c.argument('destination_path', help='The destination path that will be prepended to the blob name.')
c.argument('socket_timeout', deprecate_info=c.deprecate(hide=True),
help='The socket timeout(secs), used by the service to regulate data flow.')
with self.argument_context('storage blob list') as c:
from ._validators import get_include_help_string
t_blob_include = self.get_sdk('_generated.models._azure_blob_storage_enums#ListBlobsIncludeItem',
resource_type=ResourceType.DATA_STORAGE_BLOB)
c.register_container_arguments()
c.argument('delimiter',
help='When the request includes this parameter, the operation returns a BlobPrefix element in the '
'result list that acts as a placeholder for all blobs whose names begin with the same substring '
'up to the appearance of the delimiter character. The delimiter may be a single character or a '
'string.')
c.argument('include', help="Specify one or more additional datasets to include in the response. "
"Options include: {}. Can be combined.".format(get_include_help_string(t_blob_include)),
validator=validate_included_datasets_validator(include_class=t_blob_include))
c.argument('marker', arg_type=marker_type)
c.argument('num_results', arg_type=num_results_type)
c.argument('prefix',
help='Filter the results to return only blobs whose name begins with the specified prefix.')
c.argument('show_next_marker', action='store_true',
help='Show nextMarker in result when specified.')
with self.argument_context('storage blob generate-sas', resource_type=ResourceType.DATA_STORAGE_BLOB) as c:
from .completers import get_storage_acl_name_completion_list
t_blob_permissions = self.get_sdk('_models#BlobSasPermissions', resource_type=ResourceType.DATA_STORAGE_BLOB)
c.register_sas_arguments()
c.register_blob_arguments_track2()
c.argument('cache_control', help='Response header value for Cache-Control when resource is accessed '
'using this shared access signature.')
c.argument('content_disposition', help='Response header value for Content-Disposition when resource is '
'accessed using this shared access signature.')
c.argument('content_encoding', help='Response header value for Content-Encoding when resource is accessed '
'using this shared access signature.')
c.argument('content_language', help='Response header value for Content-Language when resource is accessed '
'using this shared access signature.')
c.argument('content_type', help='Response header value for Content-Type when resource is accessed '
'using this shared access signature.')
c.argument('full_uri', action='store_true',
help='Indicates that this command return the full blob URI and the shared access signature token.')
c.argument('as_user', action='store_true',
validator=as_user_validator,
help="Indicates that this command return the SAS signed with the user delegation key. "
"The expiry parameter and '--auth-mode login' are required if this argument is specified. ")
c.argument('id', options_list='--policy-name', validator=validate_policy,
help='The name of a stored access policy within the container\'s ACL.',
completer=get_storage_acl_name_completion_list(t_base_blob_service, 'container_name',
'get_access_policy'))
c.argument('permission', options_list='--permissions',
help=sas_help.format(get_permission_help_string(t_blob_permissions)),
validator=get_permission_validator(t_blob_permissions))
c.argument('snapshot', help='An optional blob snapshot ID. Opaque DateTime value that, when present, '
'specifies the blob snapshot to grant permission.')
c.extra('encryption_scope', help='A predefined encryption scope used to encrypt the data on the service.')
c.ignore('sas_token')
with self.argument_context('storage blob restore', resource_type=ResourceType.MGMT_STORAGE) as c:
from ._validators import BlobRangeAddAction
c.argument('blob_ranges', options_list=['--blob-range', '-r'], action=BlobRangeAddAction, nargs='+',
help='Blob ranges to restore. You need to two values to specify start_range and end_range for each '
'blob range, e.g. -r blob1 blob2. Note: Empty means account start as start range value, and '
'means account end for end range.')
c.argument('account_name', acct_name_type, id_part=None)
c.argument('resource_group_name', required=False, validator=process_resource_group)
c.argument('time_to_restore', type=get_datetime_type(True), options_list=['--time-to-restore', '-t'],
help='Restore blob to the specified time, which should be UTC datetime in (Y-m-d\'T\'H:M:S\'Z\').')
with self.argument_context('storage blob rewrite', resource_type=ResourceType.DATA_STORAGE_BLOB) as c:
c.register_blob_arguments()
c.register_precondition_options()
c.argument('source_url', options_list=['--source-uri', '-u'],
help='A URL of up to 2 KB in length that specifies a file or blob. The value should be URL-encoded '
'as it would appear in a request URI. If the source is in another account, the source must either '
'be public or must be authenticated via a shared access signature. If the source is public, no '
'authentication is required.')
c.extra('lease', options_list='--lease-id',
help='Required if the blob has an active lease. Value can be a BlobLeaseClient object '
'or the lease ID as a string.')
c.extra('standard_blob_tier', arg_type=get_enum_type(t_blob_tier), options_list='--tier',
help='A standard blob tier value to set the blob to. For this version of the library, '
'this is only applicable to block blobs on standard storage accounts.')
c.extra('encryption_scope',
help='A predefined encryption scope used to encrypt the data on the service. An encryption scope '
'can be created using the Management API and referenced here by name. If a default encryption scope '
'has been defined at the container, this value will override it if the container-level scope is '
'configured to allow overrides. Otherwise an error will be raised.')
with self.argument_context('storage blob update') as c:
c.register_blob_arguments()
c.register_precondition_options()
t_blob_content_settings = self.get_sdk('_models#ContentSettings', resource_type=ResourceType.DATA_STORAGE_BLOB)
c.register_content_settings_argument(t_blob_content_settings, update=True, process_md5=True)
c.extra('lease', options_list=['--lease-id'], help='Required if the blob has an active lease.')
with self.argument_context('storage blob exists') as c:
c.register_blob_arguments_track2()
c.extra('snapshot', help='The snapshot parameter is an opaque DateTime value that, when present, '
'specifies the snapshot.')
with self.argument_context('storage blob url') as c:
from ._validators import get_not_none_validator
c.extra('blob_name', required=True)
c.extra('container_name', required=True, validator=get_not_none_validator('container_name'))
c.extra('protocol', arg_type=get_enum_type(['http', 'https'], 'https'), help='Protocol to use.')
c.extra('snapshot', help='An string value that uniquely identifies the snapshot. The value of this query '
'parameter indicates the snapshot version.')
with self.argument_context('storage blob snapshot') as c:
c.register_blob_arguments_track2()
c.register_precondition_options()