public override void ExecuteCmdlet() { base.ExecuteCmdlet(); if (ShouldProcess(this.Name, "Set Storage Account")) { if (this.force || this.AccessTier == null || ShouldContinue("Changing the access tier may result in additional charges. See (http://go.microsoft.com/fwlink/?LinkId=786482) to learn more.", "")) { StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters(); if (this.SkuName != null) { updateParameters.Sku = new Sku(this.SkuName); } if (this.Tag != null) { Dictionary <string, string> tagDictionary = TagsConversionHelper.CreateTagDictionary(Tag, validate: true); updateParameters.Tags = tagDictionary ?? new Dictionary <string, string>(); } if (this.CustomDomainName != null) { updateParameters.CustomDomain = new CustomDomain() { Name = CustomDomainName, UseSubDomainName = UseSubDomain }; } else if (UseSubDomain != null) { throw new System.ArgumentException(string.Format("UseSubDomain must be set together with CustomDomainName.")); } if (this.AccessTier != null) { updateParameters.AccessTier = ParseAccessTier(AccessTier); } if (enableHttpsTrafficOnly != null) { updateParameters.EnableHttpsTrafficOnly = enableHttpsTrafficOnly; } if (AssignIdentity.IsPresent || this.UserAssignedIdentityId != null || this.IdentityType != null) { updateParameters.Identity = new Identity() { Type = StorageModels.IdentityType.SystemAssigned }; if (this.IdentityType != null) { updateParameters.Identity.Type = GetIdentityTypeString(this.IdentityType); } if (this.UserAssignedIdentityId != null) { if (updateParameters.Identity.Type != StorageModels.IdentityType.UserAssigned && updateParameters.Identity.Type != StorageModels.IdentityType.SystemAssignedUserAssigned) { throw new ArgumentException("UserAssignIdentityId should only be specified when AssignIdentityType is UserAssigned or SystemAssignedUserAssigned.", "UserAssignIdentityId"); } updateParameters.Identity.UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>(); updateParameters.Identity.UserAssignedIdentities.Add(this.UserAssignedIdentityId, new UserAssignedIdentity()); var accountProperties = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); if (accountProperties.Identity != null && accountProperties.Identity.UserAssignedIdentities != null && accountProperties.Identity.UserAssignedIdentities.Count > 0) { foreach (var uid in accountProperties.Identity.UserAssignedIdentities) { if (!uid.Key.Equals(this.UserAssignedIdentityId, StringComparison.OrdinalIgnoreCase)) { updateParameters.Identity.UserAssignedIdentities.Add(uid.Key, null); } } } } } if (StorageEncryption || ParameterSetName == KeyvaultEncryptionParameterSet || this.KeyVaultUserAssignedIdentityId != null) { if (ParameterSetName == KeyvaultEncryptionParameterSet) { keyvaultEncryption = true; } updateParameters.Encryption = ParseEncryption(StorageEncryption, keyvaultEncryption, KeyName, KeyVersion, KeyVaultUri); if (this.KeyVaultUserAssignedIdentityId != null) { updateParameters.Encryption.EncryptionIdentity = new EncryptionIdentity(); updateParameters.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity = this.KeyVaultUserAssignedIdentityId; } } if (NetworkRuleSet != null) { updateParameters.NetworkRuleSet = PSNetworkRuleSet.ParseStorageNetworkRule(NetworkRuleSet); } if (UpgradeToStorageV2.IsPresent) { updateParameters.Kind = Kind.StorageV2; } if (enableAzureActiveDirectoryDomainServicesForFile != null) { if (enableAzureActiveDirectoryDomainServicesForFile.Value) // enable AADDS { //if user want to enable AADDS, must first disable AD var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); if (originStorageAccount.AzureFilesIdentityBasedAuthentication != null && originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AD) { throw new System.ArgumentException("The Storage account already enabled ActiveDirectoryDomainServicesForFile, please disable it by run this cmdlets with \"-EnableActiveDirectoryDomainServicesForFile $false\" before enable AzureActiveDirectoryDomainServicesForFile."); } updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication(); updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AADDS; } else //Disable AADDS { // Only disable AADDS; else keep unchanged var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); if (originStorageAccount.AzureFilesIdentityBasedAuthentication == null || originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AADDS) { updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication(); updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.None; } else { updateParameters.AzureFilesIdentityBasedAuthentication = originStorageAccount.AzureFilesIdentityBasedAuthentication; } } } if (enableActiveDirectoryDomainServicesForFile != null) { if (enableActiveDirectoryDomainServicesForFile.Value) // Enable AD { if (string.IsNullOrEmpty(this.ActiveDirectoryDomainName) || string.IsNullOrEmpty(this.ActiveDirectoryNetBiosDomainName) || string.IsNullOrEmpty(this.ActiveDirectoryForestName) || string.IsNullOrEmpty(this.ActiveDirectoryDomainGuid) || string.IsNullOrEmpty(this.ActiveDirectoryDomainSid) || string.IsNullOrEmpty(this.ActiveDirectoryAzureStorageSid) ) { throw new System.ArgumentNullException("ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid", "To enable ActiveDirectoryDomainServicesForFile, user must specify all of: ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid."); } //if user want to enable AD, must first disable AADDS var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); if (originStorageAccount.AzureFilesIdentityBasedAuthentication != null && originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AADDS) { throw new System.ArgumentException("The Storage account already enabled AzureActiveDirectoryDomainServicesForFile, please disable it by run this cmdlets with \"-EnableAzureActiveDirectoryDomainServicesForFile $false\" before enable ActiveDirectoryDomainServicesForFile."); } updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication(); updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AD; updateParameters.AzureFilesIdentityBasedAuthentication.ActiveDirectoryProperties = new ActiveDirectoryProperties() { DomainName = this.ActiveDirectoryDomainName, NetBiosDomainName = this.ActiveDirectoryNetBiosDomainName, ForestName = this.ActiveDirectoryForestName, DomainGuid = this.ActiveDirectoryDomainGuid, DomainSid = this.ActiveDirectoryDomainSid, AzureStorageSid = this.ActiveDirectoryAzureStorageSid }; } else // Disable AD { if (!string.IsNullOrEmpty(this.ActiveDirectoryDomainName) || !string.IsNullOrEmpty(this.ActiveDirectoryNetBiosDomainName) || !string.IsNullOrEmpty(this.ActiveDirectoryForestName) || !string.IsNullOrEmpty(this.ActiveDirectoryDomainGuid) || !string.IsNullOrEmpty(this.ActiveDirectoryDomainSid) || !string.IsNullOrEmpty(this.ActiveDirectoryAzureStorageSid) ) { throw new System.ArgumentException("To Disable ActiveDirectoryDomainServicesForFile, user can't specify any of: ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid."); } // Only disable AD; else keep unchanged var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); if (originStorageAccount.AzureFilesIdentityBasedAuthentication == null || originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AD) { updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication(); updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.None; } else { updateParameters.AzureFilesIdentityBasedAuthentication = originStorageAccount.AzureFilesIdentityBasedAuthentication; } } } if (this.DefaultSharePermission != null) { if (updateParameters.AzureFilesIdentityBasedAuthentication == null) { updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication(); } updateParameters.AzureFilesIdentityBasedAuthentication.DefaultSharePermission = this.DefaultSharePermission; } if (this.EnableLargeFileShare.IsPresent) { updateParameters.LargeFileSharesState = LargeFileSharesState.Enabled; } if (this.minimumTlsVersion != null) { updateParameters.MinimumTlsVersion = this.minimumTlsVersion; } if (this.allowBlobPublicAccess != null) { updateParameters.AllowBlobPublicAccess = this.allowBlobPublicAccess; } if (this.RoutingChoice != null || this.publishMicrosoftEndpoint != null || this.publishInternetEndpoint != null) { updateParameters.RoutingPreference = new RoutingPreference(this.RoutingChoice, this.publishMicrosoftEndpoint, this.publishInternetEndpoint); } if (allowSharedKeyAccess != null) { updateParameters.AllowSharedKeyAccess = allowSharedKeyAccess; } if (SasExpirationPeriod != null && SasExpirationPeriod != TimeSpan.Zero) { updateParameters.SasPolicy = new SasPolicy(SasExpirationPeriod.ToString(@"d\.hh\:mm\:ss")); } if (keyExpirationPeriodInDay != null) { updateParameters.KeyPolicy = new KeyPolicy(keyExpirationPeriodInDay.Value); } if (allowCrossTenantReplication != null) { updateParameters.AllowCrossTenantReplication = allowCrossTenantReplication; } var updatedAccountResponse = this.StorageClient.StorageAccounts.Update( this.ResourceGroupName, this.Name, updateParameters); var storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); WriteStorageAccount(storageAccount); } } }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); CheckNameAvailabilityResult checkNameAvailabilityResult = this.StorageClient.StorageAccounts.CheckNameAvailability(this.Name); if (!checkNameAvailabilityResult.NameAvailable.Value) { throw new System.ArgumentException(checkNameAvailabilityResult.Message, "Name"); } StorageAccountCreateParameters createParameters = new StorageAccountCreateParameters() { Location = this.Location, Sku = new Sku(this.SkuName), Tags = TagsConversionHelper.CreateTagDictionary(Tag, validate: true), }; if (this.CustomDomainName != null) { createParameters.CustomDomain = new CustomDomain() { Name = CustomDomainName, UseSubDomainName = UseSubDomain }; } else if (UseSubDomain != null) { throw new System.ArgumentException(string.Format("UseSubDomain must be set together with CustomDomainName.")); } if (kind != null) { createParameters.Kind = kind; } if (this.AccessTier != null) { createParameters.AccessTier = ParseAccessTier(AccessTier); } if (enableHttpsTrafficOnly != null) { createParameters.EnableHttpsTrafficOnly = enableHttpsTrafficOnly; } if (AssignIdentity.IsPresent || this.UserAssignedIdentityId != null || this.IdentityType != null) { createParameters.Identity = new Identity() { Type = StorageModels.IdentityType.SystemAssigned }; if (this.IdentityType != null) { createParameters.Identity.Type = GetIdentityTypeString(this.IdentityType); } if (this.UserAssignedIdentityId != null) { if (createParameters.Identity.Type != StorageModels.IdentityType.UserAssigned && createParameters.Identity.Type != StorageModels.IdentityType.SystemAssignedUserAssigned) { throw new ArgumentException("UserAssignIdentityId should only be specified when AssignIdentityType is UserAssigned or SystemAssignedUserAssigned.", "UserAssignIdentityId"); } createParameters.Identity.UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>(); createParameters.Identity.UserAssignedIdentities.Add(this.UserAssignedIdentityId, new UserAssignedIdentity()); } } if (NetworkRuleSet != null) { createParameters.NetworkRuleSet = PSNetworkRuleSet.ParseStorageNetworkRule(NetworkRuleSet); } if (enableHierarchicalNamespace != null) { createParameters.IsHnsEnabled = enableHierarchicalNamespace; } if (enableAzureActiveDirectoryDomainServicesForFile != null || enableActiveDirectoryDomainServicesForFile != null) { createParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication(); if (enableAzureActiveDirectoryDomainServicesForFile != null && enableAzureActiveDirectoryDomainServicesForFile.Value) { createParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AADDS; } else if (enableActiveDirectoryDomainServicesForFile != null && enableActiveDirectoryDomainServicesForFile.Value) { if (string.IsNullOrEmpty(this.ActiveDirectoryDomainName) || string.IsNullOrEmpty(this.ActiveDirectoryNetBiosDomainName) || string.IsNullOrEmpty(this.ActiveDirectoryForestName) || string.IsNullOrEmpty(this.ActiveDirectoryDomainGuid) || string.IsNullOrEmpty(this.ActiveDirectoryDomainSid) || string.IsNullOrEmpty(this.ActiveDirectoryAzureStorageSid) ) { throw new System.ArgumentNullException("ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid", "To enable ActiveDirectoryDomainServicesForFile, user must specify all of: ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid."); } createParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AD; createParameters.AzureFilesIdentityBasedAuthentication.ActiveDirectoryProperties = new ActiveDirectoryProperties() { DomainName = this.ActiveDirectoryDomainName, NetBiosDomainName = this.ActiveDirectoryNetBiosDomainName, ForestName = this.ActiveDirectoryForestName, DomainGuid = this.ActiveDirectoryDomainGuid, DomainSid = this.ActiveDirectoryDomainSid, AzureStorageSid = this.ActiveDirectoryAzureStorageSid }; } else { createParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.None; } } if (this.EnableLargeFileShare.IsPresent) { createParameters.LargeFileSharesState = LargeFileSharesState.Enabled; } if (this.EncryptionKeyTypeForQueue != null || this.EncryptionKeyTypeForTable != null || this.RequireInfrastructureEncryption.IsPresent) { createParameters.Encryption = new Encryption(); createParameters.Encryption.KeySource = KeySource.MicrosoftStorage; if (this.EncryptionKeyTypeForQueue != null || this.EncryptionKeyTypeForTable != null) { createParameters.Encryption.Services = new EncryptionServices(); if (this.EncryptionKeyTypeForQueue != null) { createParameters.Encryption.Services.Queue = new EncryptionService(keyType: this.EncryptionKeyTypeForQueue); } if (this.EncryptionKeyTypeForTable != null) { createParameters.Encryption.Services.Table = new EncryptionService(keyType: this.EncryptionKeyTypeForTable); } } if (this.RequireInfrastructureEncryption.IsPresent) { createParameters.Encryption.RequireInfrastructureEncryption = true; if (createParameters.Encryption.Services is null) { createParameters.Encryption.Services = new EncryptionServices(); createParameters.Encryption.Services.Blob = new EncryptionService(); } } } if (this.KeyVaultUri != null || this.KeyName != null || this.KeyVersion != null || this.KeyVaultUserAssignedIdentityId != null) { if ((this.KeyVaultUri != null && this.KeyName == null) || (this.KeyVaultUri == null && this.KeyName != null)) { throw new ArgumentException("KeyVaultUri and KeyName must be specify together"); } if (this.KeyVersion != null && (this.KeyVaultUri == null || this.KeyName == null)) { throw new ArgumentException("KeyVersion can only be specified when specify KeyVaultUri and KeyName together.", "KeyVersion"); } if (this.KeyVaultUserAssignedIdentityId != null && (this.KeyVaultUri == null || this.KeyName == null)) { throw new ArgumentException("KeyVaultUserAssignedIdentityId can only be specified when specify KeyVaultUri and KeyName together.", "KeyVaultUserAssignedIdentityId"); } if (createParameters.Encryption == null) { createParameters.Encryption = new Encryption(); createParameters.Encryption.KeySource = KeySource.MicrosoftStorage; } if (createParameters.Encryption.Services is null) { createParameters.Encryption.Services = new EncryptionServices(); createParameters.Encryption.Services.Blob = new EncryptionService(); } if (this.KeyVaultUri != null || this.KeyName != null || this.KeyVersion != null) { createParameters.Encryption.KeySource = KeySource.MicrosoftKeyvault; createParameters.Encryption.KeyVaultProperties = new KeyVaultProperties(this.KeyName, this.KeyVersion, this.KeyVaultUri); } if (this.KeyVaultUserAssignedIdentityId != null) { createParameters.Encryption.EncryptionIdentity = new EncryptionIdentity(); createParameters.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity = this.KeyVaultUserAssignedIdentityId; } } if (this.minimumTlsVersion != null) { createParameters.MinimumTlsVersion = this.minimumTlsVersion; } if (this.allowBlobPublicAccess != null) { createParameters.AllowBlobPublicAccess = this.allowBlobPublicAccess; } if (this.RoutingChoice != null || this.publishMicrosoftEndpoint != null || this.publishInternetEndpoint != null) { createParameters.RoutingPreference = new RoutingPreference(this.RoutingChoice, this.publishMicrosoftEndpoint, this.publishInternetEndpoint); } if (allowSharedKeyAccess != null) { createParameters.AllowSharedKeyAccess = allowSharedKeyAccess; } if (this.EdgeZone != null) { createParameters.ExtendedLocation = new ExtendedLocation() { Type = ExtendedLocationTypes.EdgeZone, Name = this.EdgeZone }; } if (SasExpirationPeriod != null && SasExpirationPeriod != TimeSpan.Zero) { createParameters.SasPolicy = new SasPolicy(SasExpirationPeriod.ToString(@"d\.hh\:mm\:ss")); } if (keyExpirationPeriodInDay != null) { createParameters.KeyPolicy = new KeyPolicy(keyExpirationPeriodInDay.Value); } var createAccountResponse = this.StorageClient.StorageAccounts.Create( this.ResourceGroupName, this.Name, createParameters); var storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name); this.WriteStorageAccount(storageAccount); }