public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
if (ShouldProcess(this.Name, "Set Storage Account"))
{
if (this.force || this.AccessTier == null || ShouldContinue("Changing the access tier may result in additional charges. See (http://go.microsoft.com/fwlink/?LinkId=786482) to learn more.", ""))
{
StorageAccountUpdateParameters updateParameters = new StorageAccountUpdateParameters();
if (this.SkuName != null)
{
updateParameters.Sku = new Sku(this.SkuName);
}
if (this.Tag != null)
{
Dictionary <string, string> tagDictionary = TagsConversionHelper.CreateTagDictionary(Tag, validate: true);
updateParameters.Tags = tagDictionary ?? new Dictionary <string, string>();
}
if (this.CustomDomainName != null)
{
updateParameters.CustomDomain = new CustomDomain()
{
Name = CustomDomainName,
UseSubDomainName = UseSubDomain
};
}
else if (UseSubDomain != null)
{
throw new System.ArgumentException(string.Format("UseSubDomain must be set together with CustomDomainName."));
}
if (this.AccessTier != null)
{
updateParameters.AccessTier = ParseAccessTier(AccessTier);
}
if (enableHttpsTrafficOnly != null)
{
updateParameters.EnableHttpsTrafficOnly = enableHttpsTrafficOnly;
}
if (AssignIdentity.IsPresent || this.UserAssignedIdentityId != null || this.IdentityType != null)
{
updateParameters.Identity = new Identity()
{
Type = StorageModels.IdentityType.SystemAssigned
};
if (this.IdentityType != null)
{
updateParameters.Identity.Type = GetIdentityTypeString(this.IdentityType);
}
if (this.UserAssignedIdentityId != null)
{
if (updateParameters.Identity.Type != StorageModels.IdentityType.UserAssigned && updateParameters.Identity.Type != StorageModels.IdentityType.SystemAssignedUserAssigned)
{
throw new ArgumentException("UserAssignIdentityId should only be specified when AssignIdentityType is UserAssigned or SystemAssignedUserAssigned.", "UserAssignIdentityId");
}
updateParameters.Identity.UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>();
updateParameters.Identity.UserAssignedIdentities.Add(this.UserAssignedIdentityId, new UserAssignedIdentity());
var accountProperties = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
if (accountProperties.Identity != null && accountProperties.Identity.UserAssignedIdentities != null && accountProperties.Identity.UserAssignedIdentities.Count > 0)
{
foreach (var uid in accountProperties.Identity.UserAssignedIdentities)
{
if (!uid.Key.Equals(this.UserAssignedIdentityId, StringComparison.OrdinalIgnoreCase))
{
updateParameters.Identity.UserAssignedIdentities.Add(uid.Key, null);
}
}
}
}
}
if (StorageEncryption || ParameterSetName == KeyvaultEncryptionParameterSet || this.KeyVaultUserAssignedIdentityId != null)
{
if (ParameterSetName == KeyvaultEncryptionParameterSet)
{
keyvaultEncryption = true;
}
updateParameters.Encryption = ParseEncryption(StorageEncryption, keyvaultEncryption, KeyName, KeyVersion, KeyVaultUri);
if (this.KeyVaultUserAssignedIdentityId != null)
{
updateParameters.Encryption.EncryptionIdentity = new EncryptionIdentity();
updateParameters.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity = this.KeyVaultUserAssignedIdentityId;
}
}
if (NetworkRuleSet != null)
{
updateParameters.NetworkRuleSet = PSNetworkRuleSet.ParseStorageNetworkRule(NetworkRuleSet);
}
if (UpgradeToStorageV2.IsPresent)
{
updateParameters.Kind = Kind.StorageV2;
}
if (enableAzureActiveDirectoryDomainServicesForFile != null)
{
if (enableAzureActiveDirectoryDomainServicesForFile.Value) // enable AADDS
{
//if user want to enable AADDS, must first disable AD
var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
if (originStorageAccount.AzureFilesIdentityBasedAuthentication != null &&
originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AD)
{
throw new System.ArgumentException("The Storage account already enabled ActiveDirectoryDomainServicesForFile, please disable it by run this cmdlets with \"-EnableActiveDirectoryDomainServicesForFile $false\" before enable AzureActiveDirectoryDomainServicesForFile.");
}
updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication();
updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AADDS;
}
else //Disable AADDS
{
// Only disable AADDS; else keep unchanged
var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
if (originStorageAccount.AzureFilesIdentityBasedAuthentication == null ||
originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AADDS)
{
updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication();
updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.None;
}
else
{
updateParameters.AzureFilesIdentityBasedAuthentication = originStorageAccount.AzureFilesIdentityBasedAuthentication;
}
}
}
if (enableActiveDirectoryDomainServicesForFile != null)
{
if (enableActiveDirectoryDomainServicesForFile.Value) // Enable AD
{
if (string.IsNullOrEmpty(this.ActiveDirectoryDomainName) ||
string.IsNullOrEmpty(this.ActiveDirectoryNetBiosDomainName) ||
string.IsNullOrEmpty(this.ActiveDirectoryForestName) ||
string.IsNullOrEmpty(this.ActiveDirectoryDomainGuid) ||
string.IsNullOrEmpty(this.ActiveDirectoryDomainSid) ||
string.IsNullOrEmpty(this.ActiveDirectoryAzureStorageSid)
)
{
throw new System.ArgumentNullException("ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid",
"To enable ActiveDirectoryDomainServicesForFile, user must specify all of: ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid.");
}
//if user want to enable AD, must first disable AADDS
var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
if (originStorageAccount.AzureFilesIdentityBasedAuthentication != null &&
originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AADDS)
{
throw new System.ArgumentException("The Storage account already enabled AzureActiveDirectoryDomainServicesForFile, please disable it by run this cmdlets with \"-EnableAzureActiveDirectoryDomainServicesForFile $false\" before enable ActiveDirectoryDomainServicesForFile.");
}
updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication();
updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AD;
updateParameters.AzureFilesIdentityBasedAuthentication.ActiveDirectoryProperties = new ActiveDirectoryProperties()
{
DomainName = this.ActiveDirectoryDomainName,
NetBiosDomainName = this.ActiveDirectoryNetBiosDomainName,
ForestName = this.ActiveDirectoryForestName,
DomainGuid = this.ActiveDirectoryDomainGuid,
DomainSid = this.ActiveDirectoryDomainSid,
AzureStorageSid = this.ActiveDirectoryAzureStorageSid
};
}
else // Disable AD
{
if (!string.IsNullOrEmpty(this.ActiveDirectoryDomainName) ||
!string.IsNullOrEmpty(this.ActiveDirectoryNetBiosDomainName) ||
!string.IsNullOrEmpty(this.ActiveDirectoryForestName) ||
!string.IsNullOrEmpty(this.ActiveDirectoryDomainGuid) ||
!string.IsNullOrEmpty(this.ActiveDirectoryDomainSid) ||
!string.IsNullOrEmpty(this.ActiveDirectoryAzureStorageSid)
)
{
throw new System.ArgumentException("To Disable ActiveDirectoryDomainServicesForFile, user can't specify any of: ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid.");
}
// Only disable AD; else keep unchanged
var originStorageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
if (originStorageAccount.AzureFilesIdentityBasedAuthentication == null ||
originStorageAccount.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions == DirectoryServiceOptions.AD)
{
updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication();
updateParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.None;
}
else
{
updateParameters.AzureFilesIdentityBasedAuthentication = originStorageAccount.AzureFilesIdentityBasedAuthentication;
}
}
}
if (this.DefaultSharePermission != null)
{
if (updateParameters.AzureFilesIdentityBasedAuthentication == null)
{
updateParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication();
}
updateParameters.AzureFilesIdentityBasedAuthentication.DefaultSharePermission = this.DefaultSharePermission;
}
if (this.EnableLargeFileShare.IsPresent)
{
updateParameters.LargeFileSharesState = LargeFileSharesState.Enabled;
}
if (this.minimumTlsVersion != null)
{
updateParameters.MinimumTlsVersion = this.minimumTlsVersion;
}
if (this.allowBlobPublicAccess != null)
{
updateParameters.AllowBlobPublicAccess = this.allowBlobPublicAccess;
}
if (this.RoutingChoice != null || this.publishMicrosoftEndpoint != null || this.publishInternetEndpoint != null)
{
updateParameters.RoutingPreference = new RoutingPreference(this.RoutingChoice, this.publishMicrosoftEndpoint, this.publishInternetEndpoint);
}
if (allowSharedKeyAccess != null)
{
updateParameters.AllowSharedKeyAccess = allowSharedKeyAccess;
}
if (SasExpirationPeriod != null && SasExpirationPeriod != TimeSpan.Zero)
{
updateParameters.SasPolicy = new SasPolicy(SasExpirationPeriod.ToString(@"d\.hh\:mm\:ss"));
}
if (keyExpirationPeriodInDay != null)
{
updateParameters.KeyPolicy = new KeyPolicy(keyExpirationPeriodInDay.Value);
}
if (allowCrossTenantReplication != null)
{
updateParameters.AllowCrossTenantReplication = allowCrossTenantReplication;
}
var updatedAccountResponse = this.StorageClient.StorageAccounts.Update(
this.ResourceGroupName,
this.Name,
updateParameters);
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
WriteStorageAccount(storageAccount);
}
}
}
public override void ExecuteCmdlet()
{
base.ExecuteCmdlet();
CheckNameAvailabilityResult checkNameAvailabilityResult = this.StorageClient.StorageAccounts.CheckNameAvailability(this.Name);
if (!checkNameAvailabilityResult.NameAvailable.Value)
{
throw new System.ArgumentException(checkNameAvailabilityResult.Message, "Name");
}
StorageAccountCreateParameters createParameters = new StorageAccountCreateParameters()
{
Location = this.Location,
Sku = new Sku(this.SkuName),
Tags = TagsConversionHelper.CreateTagDictionary(Tag, validate: true),
};
if (this.CustomDomainName != null)
{
createParameters.CustomDomain = new CustomDomain()
{
Name = CustomDomainName,
UseSubDomainName = UseSubDomain
};
}
else if (UseSubDomain != null)
{
throw new System.ArgumentException(string.Format("UseSubDomain must be set together with CustomDomainName."));
}
if (kind != null)
{
createParameters.Kind = kind;
}
if (this.AccessTier != null)
{
createParameters.AccessTier = ParseAccessTier(AccessTier);
}
if (enableHttpsTrafficOnly != null)
{
createParameters.EnableHttpsTrafficOnly = enableHttpsTrafficOnly;
}
if (AssignIdentity.IsPresent || this.UserAssignedIdentityId != null || this.IdentityType != null)
{
createParameters.Identity = new Identity()
{
Type = StorageModels.IdentityType.SystemAssigned
};
if (this.IdentityType != null)
{
createParameters.Identity.Type = GetIdentityTypeString(this.IdentityType);
}
if (this.UserAssignedIdentityId != null)
{
if (createParameters.Identity.Type != StorageModels.IdentityType.UserAssigned && createParameters.Identity.Type != StorageModels.IdentityType.SystemAssignedUserAssigned)
{
throw new ArgumentException("UserAssignIdentityId should only be specified when AssignIdentityType is UserAssigned or SystemAssignedUserAssigned.", "UserAssignIdentityId");
}
createParameters.Identity.UserAssignedIdentities = new Dictionary <string, UserAssignedIdentity>();
createParameters.Identity.UserAssignedIdentities.Add(this.UserAssignedIdentityId, new UserAssignedIdentity());
}
}
if (NetworkRuleSet != null)
{
createParameters.NetworkRuleSet = PSNetworkRuleSet.ParseStorageNetworkRule(NetworkRuleSet);
}
if (enableHierarchicalNamespace != null)
{
createParameters.IsHnsEnabled = enableHierarchicalNamespace;
}
if (enableAzureActiveDirectoryDomainServicesForFile != null || enableActiveDirectoryDomainServicesForFile != null)
{
createParameters.AzureFilesIdentityBasedAuthentication = new AzureFilesIdentityBasedAuthentication();
if (enableAzureActiveDirectoryDomainServicesForFile != null && enableAzureActiveDirectoryDomainServicesForFile.Value)
{
createParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AADDS;
}
else if (enableActiveDirectoryDomainServicesForFile != null && enableActiveDirectoryDomainServicesForFile.Value)
{
if (string.IsNullOrEmpty(this.ActiveDirectoryDomainName) ||
string.IsNullOrEmpty(this.ActiveDirectoryNetBiosDomainName) ||
string.IsNullOrEmpty(this.ActiveDirectoryForestName) ||
string.IsNullOrEmpty(this.ActiveDirectoryDomainGuid) ||
string.IsNullOrEmpty(this.ActiveDirectoryDomainSid) ||
string.IsNullOrEmpty(this.ActiveDirectoryAzureStorageSid)
)
{
throw new System.ArgumentNullException("ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid",
"To enable ActiveDirectoryDomainServicesForFile, user must specify all of: ActiveDirectoryDomainName, ActiveDirectoryNetBiosDomainName, ActiveDirectoryForestName, ActiveDirectoryDomainGuid, ActiveDirectoryDomainSid, ActiveDirectoryAzureStorageSid.");
}
createParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.AD;
createParameters.AzureFilesIdentityBasedAuthentication.ActiveDirectoryProperties = new ActiveDirectoryProperties()
{
DomainName = this.ActiveDirectoryDomainName,
NetBiosDomainName = this.ActiveDirectoryNetBiosDomainName,
ForestName = this.ActiveDirectoryForestName,
DomainGuid = this.ActiveDirectoryDomainGuid,
DomainSid = this.ActiveDirectoryDomainSid,
AzureStorageSid = this.ActiveDirectoryAzureStorageSid
};
}
else
{
createParameters.AzureFilesIdentityBasedAuthentication.DirectoryServiceOptions = DirectoryServiceOptions.None;
}
}
if (this.EnableLargeFileShare.IsPresent)
{
createParameters.LargeFileSharesState = LargeFileSharesState.Enabled;
}
if (this.EncryptionKeyTypeForQueue != null || this.EncryptionKeyTypeForTable != null || this.RequireInfrastructureEncryption.IsPresent)
{
createParameters.Encryption = new Encryption();
createParameters.Encryption.KeySource = KeySource.MicrosoftStorage;
if (this.EncryptionKeyTypeForQueue != null || this.EncryptionKeyTypeForTable != null)
{
createParameters.Encryption.Services = new EncryptionServices();
if (this.EncryptionKeyTypeForQueue != null)
{
createParameters.Encryption.Services.Queue = new EncryptionService(keyType: this.EncryptionKeyTypeForQueue);
}
if (this.EncryptionKeyTypeForTable != null)
{
createParameters.Encryption.Services.Table = new EncryptionService(keyType: this.EncryptionKeyTypeForTable);
}
}
if (this.RequireInfrastructureEncryption.IsPresent)
{
createParameters.Encryption.RequireInfrastructureEncryption = true;
if (createParameters.Encryption.Services is null)
{
createParameters.Encryption.Services = new EncryptionServices();
createParameters.Encryption.Services.Blob = new EncryptionService();
}
}
}
if (this.KeyVaultUri != null || this.KeyName != null || this.KeyVersion != null || this.KeyVaultUserAssignedIdentityId != null)
{
if ((this.KeyVaultUri != null && this.KeyName == null) || (this.KeyVaultUri == null && this.KeyName != null))
{
throw new ArgumentException("KeyVaultUri and KeyName must be specify together");
}
if (this.KeyVersion != null && (this.KeyVaultUri == null || this.KeyName == null))
{
throw new ArgumentException("KeyVersion can only be specified when specify KeyVaultUri and KeyName together.", "KeyVersion");
}
if (this.KeyVaultUserAssignedIdentityId != null && (this.KeyVaultUri == null || this.KeyName == null))
{
throw new ArgumentException("KeyVaultUserAssignedIdentityId can only be specified when specify KeyVaultUri and KeyName together.", "KeyVaultUserAssignedIdentityId");
}
if (createParameters.Encryption == null)
{
createParameters.Encryption = new Encryption();
createParameters.Encryption.KeySource = KeySource.MicrosoftStorage;
}
if (createParameters.Encryption.Services is null)
{
createParameters.Encryption.Services = new EncryptionServices();
createParameters.Encryption.Services.Blob = new EncryptionService();
}
if (this.KeyVaultUri != null || this.KeyName != null || this.KeyVersion != null)
{
createParameters.Encryption.KeySource = KeySource.MicrosoftKeyvault;
createParameters.Encryption.KeyVaultProperties = new KeyVaultProperties(this.KeyName, this.KeyVersion, this.KeyVaultUri);
}
if (this.KeyVaultUserAssignedIdentityId != null)
{
createParameters.Encryption.EncryptionIdentity = new EncryptionIdentity();
createParameters.Encryption.EncryptionIdentity.EncryptionUserAssignedIdentity = this.KeyVaultUserAssignedIdentityId;
}
}
if (this.minimumTlsVersion != null)
{
createParameters.MinimumTlsVersion = this.minimumTlsVersion;
}
if (this.allowBlobPublicAccess != null)
{
createParameters.AllowBlobPublicAccess = this.allowBlobPublicAccess;
}
if (this.RoutingChoice != null || this.publishMicrosoftEndpoint != null || this.publishInternetEndpoint != null)
{
createParameters.RoutingPreference = new RoutingPreference(this.RoutingChoice, this.publishMicrosoftEndpoint, this.publishInternetEndpoint);
}
if (allowSharedKeyAccess != null)
{
createParameters.AllowSharedKeyAccess = allowSharedKeyAccess;
}
if (this.EdgeZone != null)
{
createParameters.ExtendedLocation = new ExtendedLocation()
{
Type = ExtendedLocationTypes.EdgeZone,
Name = this.EdgeZone
};
}
if (SasExpirationPeriod != null && SasExpirationPeriod != TimeSpan.Zero)
{
createParameters.SasPolicy = new SasPolicy(SasExpirationPeriod.ToString(@"d\.hh\:mm\:ss"));
}
if (keyExpirationPeriodInDay != null)
{
createParameters.KeyPolicy = new KeyPolicy(keyExpirationPeriodInDay.Value);
}
var createAccountResponse = this.StorageClient.StorageAccounts.Create(
this.ResourceGroupName,
this.Name,
createParameters);
var storageAccount = this.StorageClient.StorageAccounts.GetProperties(this.ResourceGroupName, this.Name);
this.WriteStorageAccount(storageAccount);
}
