storage_accounts#

State module for managing Storage Accounts.

async idem_azure.states.azure.storage_resource_provider.storage_accounts.present(hub, ctx, name: str, resource_group_name: str, account_name: str, location: str, sku_name: str, sku_tier: str = None, account_kind: str = None, cross_tenant_replication_enabled: bool = None, access_tier: str = None, edge_zone: str = None, enable_https_traffic_only: bool = None, min_tls_version: str = None, allow_blob_public_access: bool = None, allow_shared_key_access: bool = None, public_network_access: str = None, default_to_oauth_authentication: bool = None, is_hns_enabled: bool = None, nfsv3_enabled: bool = None, custom_domain: CustomDomain = None, customer_managed_key: CustomerManagedKey = None, identity: Identity = None, network_rules: NetworkRules = None, large_file_shares_state: str = None, azure_files_authentication: AzureFilesAuthentication = None, routing: Routing = None, encryption_service: EncryptionService = None, require_infrastructure_encryption: bool = None, immutability_policy: ImmutabilityPolicy = None, sas_policy: SasPolicy = None, key_policy: KeyPolicy = None, allowed_copy_scope: str = None, sftp_enabled: bool = None, tags: Dict[str, str] = None, subscription_id: str = None, resource_id: str = None) Dict[source]#

Create or update Storage Accounts.

Parameters:

  • name (str) – The identifier for this state.

  • account_name (str) – The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

  • resource_group_name (str) – The name of the resource group.

  • location (str) – Specifies the supported Azure location where the resource exists.

  • sku_name (str) – The SKU name.

  • sku_tier (str, Optional) – The SKU tier.

  • account_kind (str, Optional) – Defines the Kind of account.

  • cross_tenant_replication_enabled (bool, Optional) – Allow or disallow cross AAD tenant object replication

  • access_tier (str, Optional) – Required for storage accounts where account_kind = BlobStorage. The access tier is used for billing.

  • edge_zone (str, Optional) – Specifies the Edge Zone within the Azure Region where this Storage Account should exist.

  • enable_https_traffic_only (bool, Optional) – Boolean flag which forces HTTPS if enabled.

  • min_tls_version (str, Optional) – The minimum supported TLS version for the storage account.

  • allow_blob_public_access (bool, Optional) – Allow or disallow nested items within this Account to opt into being public.

  • allow_shared_key_access (bool, Optional) – Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key.

  • public_network_access (str, Optional) – Allow or disallow public network access to Storage Account. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’.

  • default_to_oauth_authentication (bool, Optional) – A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.

  • is_hns_enabled (bool, Optional) – Account HierarchicalNamespace enabled if sets to true.

  • nfsv3_enabled (bool, Optional) – NFS 3.0 protocol support enabled if set to true.

  • custom_domain (dict[str, Any], Optional) –

    User domain assigned to the storage account.

    • name(str):

      The Custom Domain Name to use for the Storage Account.

    • use_subdomain(bool, Optional):

      Indicates whether indirect CName validation is enabled. Default value is false.

  • customer_managed_key (dict[str, Any], Optional) –

    Combination of Key vault key id and user assigned id.

    • user_assigned_identity_id(str):

      User Assigned Identity id.

    • key_vault_key_id(str, Optional):

      The object identifier of the current versioned Key Vault Key in use.

    • federated_identity_client_id(str, Optional):

      ClientId of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.

    • key_name(str, Optional):

      The name of KeyVault key.

    • key_vault_uri(str, Optional):

      The Uri of KeyVault.

    • key_version(str, Optional):

      The version of KeyVault key.

  • identity (dict[str, Any], Optional) –

    The identity of the resource.

    • type(str):

      The identity type. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned.

    • user_assigned_identities(dict[str, Any], Optional):

      Key value pairs that describe the set of User Assigned identities that will be used with this storage account.

  • network_rules (dict[str, Any], Optional) –

    Network rule set.

    • default_action(str):

      Specifies the default action of allow or deny when no other rules match. Valid options are Deny or Allow.

    • bypass(str, Optional):

      Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices.

    • ip_rule_values(list, Optional):

      List of IP or IP range in CIDR format. Only IPV4 address is allowed.

    • virtual_network_subnet_ids(list, Optional):

      A list of resource ids of virtual network subnets.

    • resource_access_rules(dict[str, Any], Optional):

      The resource access rules.

  • large_file_shares_state (str, Optional) – Allow large file shares if sets to enable.

  • azure_files_authentication (dict[str, Any], Optional) –

    Provides the identity based authentication settings for Azure Files.

    • directory_service_options(str):

      The directory service to be used. Possible values are AADDS, AD and AADKERB.

    • active_directory_properties(dict[str, Any], Optional):

      Required if directoryServiceOptions are AD, optional if they are AADKERB.

      • azure_storage_sid(str):

        Specifies the security identifier (SID) for Azure Storage.

      • domain_name(str):

        Specifies the primary domain that the AD DNS server is authoritative for.

      • domain_sid(str):

        Specifies the security identifier (SID).

      • domain_guid(str):

        Specifies the domain GUID.

      • forest_name(str):

        Specifies the Active Directory forest to get.

      • netbios_domain_name(str):

        Specifies the NetBIOS domain name.

    • default_share_permission(str):

      Default share permission for users using Kerberos authentication if RBAC role is not assigned.

  • routing (dict[str, Any], Optional) –

    Maintains information about the network routing choice opted by the user for data transfer.

    • publish_internet_endpoints(bool, Optional):

      A boolean flag which indicates whether internet routing storage endpoints are to be published.

    • publish_microsoft_endpoints(bool, Optional):

      A boolean flag which indicates whether microsoft routing storage endpoints are to be published.

    • routing_choice(str, Optional):

      Routing Choice defines the kind of network routing opted by the user.

  • encryption_service (dict[str, Any], Optional) –

    Encryption details.

    • queue_encryption_key_type(str, Optional):

      The encryption type of the queue service.

    • table_encryption_key_type(str, Optional):

      The encryption type of the table service.

    • blob_encryption_key_type(str, Optional):

      The encryption type of the blob service.

    • file_encryption_key_type(str, Optional):

      The encryption type of the file service.

    • encryption_key_source(str, Optional):

      The encryption keySource (provider)

  • require_infrastructure_encryption (bool, Optional) – A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

  • immutability_policy (dict[str, Any], Optional) –

    This argument specifies the default account-level immutability policy which is inherited and applied to objects.

    • allow_protected_append_writes(bool):

      This property can only be changed for disabled and unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted.

    • state(str):

      Defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.

    • period_since_creation_in_days(int): The immutability period for the blobs in the container since the policy creation, in days.

  • sas_policy (dict[str, Any], Optional) –

    SasPolicy assigned to the storage account.

    • expiration_period(str, Optional):

      The SAS expiration period, DD.HH:MM:SS.

    • expiration_action(str, Optional):

      The SAS expiration action. Valid value is Log.

  • key_policy (dict[str, Any], Optional) –

    KeyPolicy assigned to the storage account.

    • key_expiration_period_in_days(int, Optional):

      The key expiration period in days.

  • allowed_copy_scope (str, Optional) – Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.

  • sftp_enabled (bool, Optional) – Enables Secure File Transfer Protocol, if set to true.

  • tags (dict[str, str], Optional) – The resource tags.

  • subscription_id (str, Optional) – Subscription Unique id.

  • resource_id (str, Optional) – Storage account resource id on Azure.

Returns:

dict

Examples

resource_is_present:
  azure.storage_resource_provider.storage_accounts.present:
    - resource_group_name: value
    - account_name: value
    - location: value
    - sku_name: value
    - sku_tier: value
async idem_azure.states.azure.storage_resource_provider.storage_accounts.absent(hub, ctx, name: str, resource_id: str = None, resource_group_name: str = None, account_name: str = None, subscription_id: str = None) dict[source]#

Delete Storage Accounts.

Parameters:

  • name (str) – The identifier for this state.

  • resource_id (str, Optional) – Storage Account resource id on Azure.

  • resource_group_name (str) – The name of the resource group.

  • account_name (str) – The name of the storage account within the specified resource group.

  • subscription_id (str, Optional) – Subscription Unique id.

Returns:

dict

Examples

resource_is_absent:
  azure.storage_resource_provider.storage_accounts.absent:
    - name: value
    - resource_group_name: value
    - account_name: value
async idem_azure.states.azure.storage_resource_provider.storage_accounts.describe(hub, ctx) Dict[str, Dict[str, Any]][source]#

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists all Storage Accounts under the same subscription.

Returns:

Dict[str, Any]

Examples

$ idem describe azure.storage_resource_provider.storage_accounts
idem_azure.states.azure.storage_resource_provider.storage_accounts.is_pending(hub, ret: dict, state: str = None, **pending_kwargs) bool[source]#

Default implemented for each module.