{
  "description": "Generator information:\n- Generated from: /storage/resource-manager/Microsoft.Storage/stable/2023-01-01/storage.json\n- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "properties": {
        "accessTier": {
          "description": "AccessTier: Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium'\naccess tier is the default value for premium block blobs storage account type and it cannot be changed for the premium\nblock blobs storage account type.",
          "enum": [
            "Cool",
            "Hot",
            "Premium"
          ],
          "type": "string"
        },
        "allowBlobPublicAccess": {
          "description": "AllowBlobPublicAccess: Allow or disallow public access to all blobs or containers in the storage account. The default\ninterpretation is false for this property.",
          "type": "boolean"
        },
        "allowCrossTenantReplication": {
          "description": "AllowCrossTenantReplication: Allow or disallow cross AAD tenant object replication. Set this property to true for new or\nexisting accounts only if object replication policies will involve storage accounts in different AAD tenants. The\ndefault interpretation is false for new accounts to follow best security practices by default.",
          "type": "boolean"
        },
        "allowSharedKeyAccess": {
          "description": "AllowSharedKeyAccess: Indicates whether the storage account permits requests to be authorized with the account access\nkey via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure\nActive Directory (Azure AD). The default value is null, which is equivalent to true, so Shared Key authorization stays\npermitted unless this property is explicitly set to false.",
          "type": "boolean"
        },
        "allowedCopyScope": {
          "description": "AllowedCopyScope: Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.",
          "enum": [
            "AAD",
            "PrivateLink"
          ],
          "type": "string"
        },
        "azureFilesIdentityBasedAuthentication": {
          "description": "AzureFilesIdentityBasedAuthentication: Provides the identity based authentication settings for Azure Files.",
          "properties": {
            "activeDirectoryProperties": {
              "description": "ActiveDirectoryProperties: Required if directoryServiceOptions are AD, optional if they are AADKERB.",
              "properties": {
                "accountType": {
                  "description": "AccountType: Specifies the Active Directory account type for Azure Storage.",
                  "enum": [
                    "Computer",
                    "User"
                  ],
                  "type": "string"
                },
                "azureStorageSid": {
                  "description": "AzureStorageSid: Specifies the security identifier (SID) for Azure Storage.",
                  "type": "string"
                },
                "domainGuid": {
                  "description": "DomainGuid: Specifies the domain GUID.",
                  "type": "string"
                },
                "domainName": {
                  "description": "DomainName: Specifies the primary domain that the AD DNS server is authoritative for.",
                  "type": "string"
                },
                "domainSid": {
                  "description": "DomainSid: Specifies the security identifier (SID).",
                  "type": "string"
                },
                "forestName": {
                  "description": "ForestName: Specifies the Active Directory forest to get.",
                  "type": "string"
                },
                "netBiosDomainName": {
                  "description": "NetBiosDomainName: Specifies the NetBIOS domain name.",
                  "type": "string"
                },
                "samAccountName": {
                  "description": "SamAccountName: Specifies the Active Directory SAMAccountName for Azure Storage.",
                  "type": "string"
                }
              },
              "required": [
                "domainGuid",
                "domainName"
              ],
              "type": "object",
              "additionalProperties": false
            },
            "defaultSharePermission": {
              "description": "DefaultSharePermission: Default share permission for users using Kerberos authentication if RBAC role is not assigned.",
              "enum": [
                "None",
                "StorageFileDataSmbShareContributor",
                "StorageFileDataSmbShareElevatedContributor",
                "StorageFileDataSmbShareReader"
              ],
              "type": "string"
            },
            "directoryServiceOptions": {
              "description": "DirectoryServiceOptions: Indicates the directory service used. Note that this enum may be extended in the future.",
              "enum": [
                "AADDS",
                "AADKERB",
                "AD",
                "None"
              ],
              "type": "string"
            }
          },
          "required": [
            "directoryServiceOptions"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "azureName": {
          "description": "AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it\ndoesn't have to be.",
          "maxLength": 24,
          "minLength": 3,
          "pattern": "^[a-z0-9]+$",
          "type": "string"
        },
        "customDomain": {
          "description": "CustomDomain: User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported\nper storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name\nproperty.",
          "properties": {
            "name": {
              "description": "Name: Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.",
              "type": "string"
            },
            "useSubDomainName": {
              "description": "UseSubDomainName: Indicates whether indirect CName validation is enabled. Default value is false. This should only be\nset on updates.",
              "type": "boolean"
            }
          },
          "required": [
            "name"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "defaultToOAuthAuthentication": {
          "description": "DefaultToOAuthAuthentication: A boolean flag which indicates whether the default authentication is OAuth or not. The\ndefault interpretation is false for this property.",
          "type": "boolean"
        },
        "dnsEndpointType": {
          "description": "DnsEndpointType: Allows you to specify the type of endpoint. Set this to AzureDnsZone to create a large number of\naccounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an\nalphanumeric DNS Zone identifier.",
          "enum": [
            "AzureDnsZone",
            "Standard"
          ],
          "type": "string"
        },
        "encryption": {
          "description": "Encryption: Encryption settings to be used for server-side encryption for the storage account.",
          "properties": {
            "identity": {
              "description": "Identity: The identity to be used with service-side encryption at rest.",
              "properties": {
                "federatedIdentityClientId": {
                  "description": "FederatedIdentityClientId: ClientId of the multi-tenant application to be used in conjunction with the user-assigned\nidentity for cross-tenant customer-managed-keys server-side encryption on the storage account.",
                  "type": "string"
                },
                "userAssignedIdentityReference": {
                  "description": "UserAssignedIdentityReference: Resource identifier of the UserAssigned identity to be associated with server-side\nencryption on the storage account.",
                  "properties": {
                    "armId": {
                      "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level.\nARMID is mutually exclusive with Group, Kind, Namespace and Name.",
                      "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)",
                      "type": "string"
                    },
                    "group": {
                      "description": "Group is the Kubernetes group of the resource.",
                      "type": "string"
                    },
                    "kind": {
                      "description": "Kind is the Kubernetes kind of the resource.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the Kubernetes name of the resource.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "keySource": {
              "description": "KeySource: The encryption keySource (provider). Possible values (case-insensitive):  Microsoft.Storage,\nMicrosoft.Keyvault",
              "enum": [
                "Microsoft.Keyvault",
                "Microsoft.Storage"
              ],
              "type": "string"
            },
            "keyvaultproperties": {
              "description": "Keyvaultproperties: Properties provided by key vault.",
              "properties": {
                "keyname": {
                  "description": "Keyname: The name of KeyVault key.",
                  "type": "string"
                },
                "keyvaulturi": {
                  "description": "Keyvaulturi: The Uri of KeyVault.",
                  "type": "string"
                },
                "keyversion": {
                  "description": "Keyversion: The version of KeyVault key.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "requireInfrastructureEncryption": {
              "description": "RequireInfrastructureEncryption: A boolean indicating whether or not the service applies a secondary layer of encryption\nwith platform managed keys for data at rest.",
              "type": "boolean"
            },
            "services": {
              "description": "Services: List of services which support encryption.",
              "properties": {
                "blob": {
                  "description": "Blob: The encryption function of the blob storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "enum": [
                        "Account",
                        "Service"
                      ],
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "file": {
                  "description": "File: The encryption function of the file storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "enum": [
                        "Account",
                        "Service"
                      ],
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "queue": {
                  "description": "Queue: The encryption function of the queue storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "enum": [
                        "Account",
                        "Service"
                      ],
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "table": {
                  "description": "Table: The encryption function of the table storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "enum": [
                        "Account",
                        "Service"
                      ],
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "extendedLocation": {
          "description": "ExtendedLocation: Optional. Set the extended location of the resource. If not set, the storage account will be created\nin the Azure main region. Otherwise it will be created in the specified extended location.",
          "properties": {
            "name": {
              "description": "Name: The name of the extended location.",
              "type": "string"
            },
            "type": {
              "description": "Type: The type of the extended location.",
              "enum": [
                "EdgeZone"
              ],
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "identity": {
          "description": "Identity: The identity of the resource.",
          "properties": {
            "type": {
              "description": "Type: The identity type.",
              "enum": [
                "None",
                "SystemAssigned",
                "SystemAssigned,UserAssigned",
                "UserAssigned"
              ],
              "type": "string"
            },
            "userAssignedIdentities": {
              "description": "UserAssignedIdentities: Gets or sets a list of key value pairs that describe the set of User Assigned identities that\nwill be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned\nidentity is permitted here.",
              "items": {
                "description": "Information about the user assigned identity for the resource",
                "properties": {
                  "reference": {
                    "description": "ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID",
                    "properties": {
                      "armId": {
                        "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level.\nARMID is mutually exclusive with Group, Kind, Namespace and Name.",
                        "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)",
                        "type": "string"
                      },
                      "group": {
                        "description": "Group is the Kubernetes group of the resource.",
                        "type": "string"
                      },
                      "kind": {
                        "description": "Kind is the Kubernetes kind of the resource.",
                        "type": "string"
                      },
                      "name": {
                        "description": "Name is the Kubernetes name of the resource.",
                        "type": "string"
                      }
                    },
                    "type": "object",
                    "additionalProperties": false
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            }
          },
          "required": [
            "type"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "immutableStorageWithVersioning": {
          "description": "ImmutableStorageWithVersioning: The property is immutable and can only be set to true at the account creation time. When\nset to true, it enables object level immutability for all the new containers in the account by default.",
          "properties": {
            "enabled": {
              "description": "Enabled: A boolean flag which enables account-level immutability. All the containers under such an account have\nobject-level immutability enabled by default.",
              "type": "boolean"
            },
            "immutabilityPolicy": {
              "description": "ImmutabilityPolicy: Specifies the default account-level immutability policy which is inherited and applied to objects\nthat do not possess an explicit immutability policy at the object level. The object-level immutability policy has higher\nprecedence than the container-level immutability policy, which has a higher precedence than the account-level\nimmutability policy.",
              "properties": {
                "allowProtectedAppendWrites": {
                  "description": "AllowProtectedAppendWrites: This property can only be changed for disabled and unlocked time-based retention policies.\nWhen enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only\nnew blocks can be added and any existing blocks cannot be modified or deleted.",
                  "type": "boolean"
                },
                "immutabilityPeriodSinceCreationInDays": {
                  "description": "ImmutabilityPeriodSinceCreationInDays: The immutability period for the blobs in the container since the policy creation,\nin days.",
                  "maximum": 146000,
                  "minimum": 1,
                  "type": "integer"
                },
                "state": {
                  "description": "State: The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state\nallows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites\nproperty, Locked state only allows the increase of the immutability retention time. A policy can only be created in a\nDisabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition\nto a Locked state which cannot be reverted.",
                  "enum": [
                    "Disabled",
                    "Locked",
                    "Unlocked"
                  ],
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "isHnsEnabled": {
          "description": "IsHnsEnabled: Account HierarchicalNamespace is enabled if set to true.",
          "type": "boolean"
        },
        "isLocalUserEnabled": {
          "description": "IsLocalUserEnabled: Enables the local users feature if set to true.",
          "type": "boolean"
        },
        "isNfsV3Enabled": {
          "description": "IsNfsV3Enabled: NFS 3.0 protocol support enabled if set to true.",
          "type": "boolean"
        },
        "isSftpEnabled": {
          "description": "IsSftpEnabled: Enables Secure File Transfer Protocol if set to true.",
          "type": "boolean"
        },
        "keyPolicy": {
          "description": "KeyPolicy: KeyPolicy assigned to the storage account.",
          "properties": {
            "keyExpirationPeriodInDays": {
              "description": "KeyExpirationPeriodInDays: The key expiration period in days.",
              "type": "integer"
            }
          },
          "required": [
            "keyExpirationPeriodInDays"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "kind": {
          "description": "Kind: Required. Indicates the type of storage account.",
          "enum": [
            "BlobStorage",
            "BlockBlobStorage",
            "FileStorage",
            "Storage",
            "StorageV2"
          ],
          "type": "string"
        },
        "largeFileSharesState": {
          "description": "LargeFileSharesState: Allow large file shares if set to Enabled. It cannot be disabled once it is enabled.",
          "enum": [
            "Disabled",
            "Enabled"
          ],
          "type": "string"
        },
        "location": {
          "description": "Location: Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure\nGeo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is\ncreated, but if an identical geo region is specified on update, the request will succeed.",
          "type": "string"
        },
        "minimumTlsVersion": {
          "description": "MinimumTlsVersion: Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS\n1.0 for this property, so leaving it unset permits TLS 1.0 and TLS 1.1 requests; set TLS1_2 to refuse them.",
          "enum": [
            "TLS1_0",
            "TLS1_1",
            "TLS1_2"
          ],
          "type": "string"
        },
        "networkAcls": {
          "description": "NetworkAcls: Network rule set",
          "properties": {
            "bypass": {
              "description": "Bypass: Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of\nLogging|Metrics|AzureServices (For example, \"Logging, Metrics\"), or None to bypass none of that traffic.",
              "type": "string"
            },
            "defaultAction": {
              "description": "DefaultAction: Specifies the default action of allow or deny when no other rules match.",
              "enum": [
                "Allow",
                "Deny"
              ],
              "type": "string"
            },
            "ipRules": {
              "description": "IpRules: Sets the IP ACL rules",
              "items": {
                "description": "IP rule with specific IP or IP range in CIDR format.",
                "properties": {
                  "action": {
                    "description": "Action: The action of IP ACL rule.",
                    "enum": [
                      "Allow"
                    ],
                    "type": "string"
                  },
                  "value": {
                    "description": "Value: Specifies the IP or IP range in CIDR format. Only IPv4 addresses are allowed.",
                    "type": "string"
                  }
                },
                "required": [
                  "value"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            },
            "resourceAccessRules": {
              "description": "ResourceAccessRules: Sets the resource access rules",
              "items": {
                "description": "Resource Access Rule.",
                "properties": {
                  "resourceReference": {
                    "description": "ResourceReference: Resource Id",
                    "properties": {
                      "armId": {
                        "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level.\nARMID is mutually exclusive with Group, Kind, Namespace and Name.",
                        "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)",
                        "type": "string"
                      },
                      "group": {
                        "description": "Group is the Kubernetes group of the resource.",
                        "type": "string"
                      },
                      "kind": {
                        "description": "Kind is the Kubernetes kind of the resource.",
                        "type": "string"
                      },
                      "name": {
                        "description": "Name is the Kubernetes name of the resource.",
                        "type": "string"
                      }
                    },
                    "type": "object",
                    "additionalProperties": false
                  },
                  "tenantId": {
                    "description": "TenantId: Tenant Id",
                    "type": "string"
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            },
            "virtualNetworkRules": {
              "description": "VirtualNetworkRules: Sets the virtual network rules",
              "items": {
                "description": "Virtual Network rule.",
                "properties": {
                  "action": {
                    "description": "Action: The action of virtual network rule.",
                    "enum": [
                      "Allow"
                    ],
                    "type": "string"
                  },
                  "reference": {
                    "description": "Reference: Resource ID of a subnet, for example:\n/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.",
                    "properties": {
                      "armId": {
                        "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level.\nARMID is mutually exclusive with Group, Kind, Namespace and Name.",
                        "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)",
                        "type": "string"
                      },
                      "group": {
                        "description": "Group is the Kubernetes group of the resource.",
                        "type": "string"
                      },
                      "kind": {
                        "description": "Kind is the Kubernetes kind of the resource.",
                        "type": "string"
                      },
                      "name": {
                        "description": "Name is the Kubernetes name of the resource.",
                        "type": "string"
                      }
                    },
                    "type": "object",
                    "additionalProperties": false
                  },
                  "state": {
                    "description": "State: Gets the state of virtual network rule.",
                    "enum": [
                      "Deprovisioning",
                      "Failed",
                      "NetworkSourceDeleted",
                      "Provisioning",
                      "Succeeded"
                    ],
                    "type": "string"
                  }
                },
                "required": [
                  "reference"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            }
          },
          "required": [
            "defaultAction"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "operatorSpec": {
          "description": "OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not\npassed directly to Azure.",
          "properties": {
            "configMapExpressions": {
              "description": "ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).",
              "items": {
                "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.",
                "properties": {
                  "key": {
                    "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.",
                    "type": "string"
                  },
                  "name": {
                    "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.",
                    "type": "string"
                  },
                  "value": {
                    "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/",
                    "type": "string"
                  }
                },
                "required": [
                  "name",
                  "value"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            },
            "configMaps": {
              "description": "ConfigMaps: configures where to place operator written ConfigMaps.",
              "properties": {
                "blobEndpoint": {
                  "description": "BlobEndpoint: indicates where the BlobEndpoint config map should be placed. If omitted, no config map will be created.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the ConfigMap being referenced",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes ConfigMap to write to.\nThe ConfigMap will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "dfsEndpoint": {
                  "description": "DfsEndpoint: indicates where the DfsEndpoint config map should be placed. If omitted, no config map will be created.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the ConfigMap being referenced",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes ConfigMap to write to.\nThe ConfigMap will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "fileEndpoint": {
                  "description": "FileEndpoint: indicates where the FileEndpoint config map should be placed. If omitted, no config map will be created.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the ConfigMap being referenced",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes ConfigMap to write to.\nThe ConfigMap will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "queueEndpoint": {
                  "description": "QueueEndpoint: indicates where the QueueEndpoint config map should be placed. If omitted, no config map will be created.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the ConfigMap being referenced",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes ConfigMap to write to.\nThe ConfigMap will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "tableEndpoint": {
                  "description": "TableEndpoint: indicates where the TableEndpoint config map should be placed. If omitted, no config map will be created.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the ConfigMap being referenced",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes ConfigMap to write to.\nThe ConfigMap will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "webEndpoint": {
                  "description": "WebEndpoint: indicates where the WebEndpoint config map should be placed. If omitted, no config map will be created.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the ConfigMap being referenced",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes ConfigMap to write to.\nThe ConfigMap will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "secretExpressions": {
              "description": "SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).",
              "items": {
                "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.",
                "properties": {
                  "key": {
                    "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.",
                    "type": "string"
                  },
                  "name": {
                    "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.",
                    "type": "string"
                  },
                  "value": {
                    "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/",
                    "type": "string"
                  }
                },
                "required": [
                  "name",
                  "value"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            },
            "secrets": {
              "description": "Secrets: configures where to place Azure generated secrets.",
              "properties": {
                "blobEndpoint": {
                  "description": "BlobEndpoint: indicates where the BlobEndpoint secret should be placed. If omitted, the secret will not be retrieved\nfrom Azure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "dfsEndpoint": {
                  "description": "DfsEndpoint: indicates where the DfsEndpoint secret should be placed. If omitted, the secret will not be retrieved from\nAzure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "fileEndpoint": {
                  "description": "FileEndpoint: indicates where the FileEndpoint secret should be placed. If omitted, the secret will not be retrieved\nfrom Azure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "key1": {
                  "description": "Key1: indicates where the Key1 secret should be placed. If omitted, the secret will not be retrieved from Azure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "key2": {
                  "description": "Key2: indicates where the Key2 secret should be placed. If omitted, the secret will not be retrieved from Azure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "queueEndpoint": {
                  "description": "QueueEndpoint: indicates where the QueueEndpoint secret should be placed. If omitted, the secret will not be retrieved\nfrom Azure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "tableEndpoint": {
                  "description": "TableEndpoint: indicates where the TableEndpoint secret should be placed. If omitted, the secret will not be retrieved\nfrom Azure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "webEndpoint": {
                  "description": "WebEndpoint: indicates where the WebEndpoint secret should be placed. If omitted, the secret will not be retrieved from\nAzure.",
                  "properties": {
                    "key": {
                      "description": "Key is the key in the Kubernetes secret being referenced.",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name is the name of the Kubernetes secret to write to.\nThe secret will be created in the same namespace as the resource.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "key",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "owner": {
          "description": "Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also\ncontrols the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a\nreference to a resources.azure.com/ResourceGroup resource.",
          "properties": {
            "armId": {
              "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)",
              "type": "string"
            },
            "name": {
              "description": "This is the name of the Kubernetes resource to reference.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "publicNetworkAccess": {
          "description": "PublicNetworkAccess: Allow or disallow public network access to Storage Account. Value is optional but if passed in,\nmust be 'Enabled' or 'Disabled'.",
          "enum": [
            "Disabled",
            "Enabled"
          ],
          "type": "string"
        },
        "routingPreference": {
          "description": "RoutingPreference: Maintains information about the network routing choice opted by the user for data transfer",
          "properties": {
            "publishInternetEndpoints": {
              "description": "PublishInternetEndpoints: A boolean flag which indicates whether internet routing storage endpoints are to be published",
              "type": "boolean"
            },
            "publishMicrosoftEndpoints": {
              "description": "PublishMicrosoftEndpoints: A boolean flag which indicates whether Microsoft routing storage endpoints are to be published",
              "type": "boolean"
            },
            "routingChoice": {
              "description": "RoutingChoice: Routing Choice defines the kind of network routing opted by the user.",
              "enum": [
                "InternetRouting",
                "MicrosoftRouting"
              ],
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "sasPolicy": {
          "description": "SasPolicy: SasPolicy assigned to the storage account.",
          "properties": {
            "expirationAction": {
              "description": "ExpirationAction: The SAS expiration action. Can only be Log.",
              "enum": [
                "Log"
              ],
              "type": "string"
            },
            "sasExpirationPeriod": {
              "description": "SasExpirationPeriod: The SAS expiration period, DD.HH:MM:SS.",
              "type": "string"
            }
          },
          "required": [
            "expirationAction",
            "sasExpirationPeriod"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "sku": {
          "description": "Sku: Required. Gets or sets the SKU name.",
          "properties": {
            "name": {
              "description": "Name: The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called\n accountType.",
              "enum": [
                "Premium_LRS",
                "Premium_ZRS",
                "Standard_GRS",
                "Standard_GZRS",
                "Standard_LRS",
                "Standard_RAGRS",
                "Standard_RAGZRS",
                "Standard_ZRS"
              ],
              "type": "string"
            },
            "tier": {
              "description": "Tier: The SKU tier. This is based on the SKU name.",
              "enum": [
                "Premium",
                "Standard"
              ],
              "type": "string"
            }
          },
          "required": [
            "name"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "supportsHttpsTrafficOnly": {
          "description": "SupportsHttpsTrafficOnly: Allows https traffic only to storage service if set to true. The default value is true since\nAPI version 2019-04-01.",
          "type": "boolean"
        },
        "tags": {
          "additionalProperties": {
            "type": "string"
          },
          "description": "Tags: Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping\nthis resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key\nwith a length no greater than 128 characters and a value with a length no greater than 256 characters.",
          "type": "object"
        }
      },
      "required": [
        "kind",
        "location",
        "owner",
        "sku"
      ],
      "type": "object",
      "additionalProperties": false
    },
    "status": {
      "description": "The storage account.",
      "properties": {
        "accessTier": {
          "description": "AccessTier: Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium'\naccess tier is the default value for premium block blobs storage account type and it cannot be changed for the premium\nblock blobs storage account type.",
          "type": "string"
        },
        "accountMigrationInProgress": {
          "description": "AccountMigrationInProgress: If a customer-initiated account migration is in progress, the value will be true; otherwise it will\nbe null.",
          "type": "boolean"
        },
        "allowBlobPublicAccess": {
          "description": "AllowBlobPublicAccess: Allow or disallow public access to all blobs or containers in the storage account. The default\ninterpretation is false for this property.",
          "type": "boolean"
        },
        "allowCrossTenantReplication": {
          "description": "AllowCrossTenantReplication: Allow or disallow cross AAD tenant object replication. Set this property to true for new or\nexisting accounts only if object replication policies will involve storage accounts in different AAD tenants. The\ndefault interpretation is false for new accounts to follow best security practices by default.",
          "type": "boolean"
        },
        "allowSharedKeyAccess": {
          "description": "AllowSharedKeyAccess: Indicates whether the storage account permits requests to be authorized with the account access\nkey via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure\nActive Directory (Azure AD). The default value is null, which is equivalent to true.",
          "type": "boolean"
        },
        "allowedCopyScope": {
          "description": "AllowedCopyScope: Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.",
          "type": "string"
        },
        "azureFilesIdentityBasedAuthentication": {
          "description": "AzureFilesIdentityBasedAuthentication: Provides the identity based authentication settings for Azure Files.",
          "properties": {
            "activeDirectoryProperties": {
              "description": "ActiveDirectoryProperties: Required if directoryServiceOptions are AD, optional if they are AADKERB.",
              "properties": {
                "accountType": {
                  "description": "AccountType: Specifies the Active Directory account type for Azure Storage.",
                  "type": "string"
                },
                "azureStorageSid": {
                  "description": "AzureStorageSid: Specifies the security identifier (SID) for Azure Storage.",
                  "type": "string"
                },
                "domainGuid": {
                  "description": "DomainGuid: Specifies the domain GUID.",
                  "type": "string"
                },
                "domainName": {
                  "description": "DomainName: Specifies the primary domain that the AD DNS server is authoritative for.",
                  "type": "string"
                },
                "domainSid": {
                  "description": "DomainSid: Specifies the security identifier (SID).",
                  "type": "string"
                },
                "forestName": {
                  "description": "ForestName: Specifies the Active Directory forest to get.",
                  "type": "string"
                },
                "netBiosDomainName": {
                  "description": "NetBiosDomainName: Specifies the NetBIOS domain name.",
                  "type": "string"
                },
                "samAccountName": {
                  "description": "SamAccountName: Specifies the Active Directory SAMAccountName for Azure Storage.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "defaultSharePermission": {
              "description": "DefaultSharePermission: Default share permission for users using Kerberos authentication if RBAC role is not assigned.",
              "type": "string"
            },
            "directoryServiceOptions": {
              "description": "DirectoryServiceOptions: Indicates the directory service used. Note that this enum may be extended in the future.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "blobRestoreStatus": {
          "description": "BlobRestoreStatus: Blob restore status",
          "properties": {
            "failureReason": {
              "description": "FailureReason: Failure reason when blob restore has failed.",
              "type": "string"
            },
            "parameters": {
              "description": "Parameters: Blob restore request parameters.",
              "properties": {
                "blobRanges": {
                  "description": "BlobRanges: Blob ranges to restore.",
                  "items": {
                    "description": "Blob range",
                    "properties": {
                      "endRange": {
                        "description": "EndRange: Blob end range. This is exclusive. Empty means account end.",
                        "type": "string"
                      },
                      "startRange": {
                        "description": "StartRange: Blob start range. This is inclusive. Empty means account start.",
                        "type": "string"
                      }
                    },
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array"
                },
                "timeToRestore": {
                  "description": "TimeToRestore: Restore blob to the specified time.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "restoreId": {
              "description": "RestoreId: Id for tracking blob restore request.",
              "type": "string"
            },
            "status": {
              "description": "Status: The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing.\n- Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore has failed.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "conditions": {
          "description": "Conditions: The observed state of the resource",
          "items": {
            "description": "Condition defines an extension to status (an observation) of a resource",
            "properties": {
              "lastTransitionTime": {
                "description": "LastTransitionTime is the last time the condition transitioned from one status to another.",
                "format": "date-time",
                "type": "string"
              },
              "message": {
                "description": "Message is a human readable message indicating details about the transition. This field may be empty.",
                "type": "string"
              },
              "observedGeneration": {
                "description": "ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if\n.metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
                "format": "int64",
                "type": "integer"
              },
              "reason": {
                "description": "Reason for the condition's last transition.\nReasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty.",
                "type": "string"
              },
              "severity": {
                "description": "Severity with which to treat failures of this type of condition.\nFor conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True\nFor conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False.\nThis is omitted in all cases when Status == Unknown",
                "type": "string"
              },
              "status": {
                "description": "Status of the condition, one of True, False, or Unknown.",
                "type": "string"
              },
              "type": {
                "description": "Type of condition.",
                "type": "string"
              }
            },
            "required": [
              "lastTransitionTime",
              "reason",
              "status",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "creationTime": {
          "description": "CreationTime: Gets the creation date and time of the storage account in UTC.",
          "type": "string"
        },
        "customDomain": {
          "description": "CustomDomain: Gets the custom domain the user assigned to this storage account.",
          "properties": {
            "name": {
              "description": "Name: Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.",
              "type": "string"
            },
            "useSubDomainName": {
              "description": "UseSubDomainName: Indicates whether indirect CName validation is enabled. Default value is false. This should only be\nset on updates.",
              "type": "boolean"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "defaultToOAuthAuthentication": {
          "description": "DefaultToOAuthAuthentication: A boolean flag which indicates whether the default authentication is OAuth or not. The\ndefault interpretation is false for this property.",
          "type": "boolean"
        },
        "dnsEndpointType": {
          "description": "DnsEndpointType: Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of\naccounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an\nalphanumeric DNS Zone identifier.",
          "type": "string"
        },
        "encryption": {
          "description": "Encryption: Encryption settings to be used for server-side encryption for the storage account.",
          "properties": {
            "identity": {
              "description": "Identity: The identity to be used with service-side encryption at rest.",
              "properties": {
                "federatedIdentityClientId": {
                  "description": "FederatedIdentityClientId: ClientId of the multi-tenant application to be used in conjunction with the user-assigned\nidentity for cross-tenant customer-managed-keys server-side encryption on the storage account.",
                  "type": "string"
                },
                "userAssignedIdentity": {
                  "description": "UserAssignedIdentity: Resource identifier of the UserAssigned identity to be associated with server-side encryption on\nthe storage account.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "keySource": {
              "description": "KeySource: The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage,\nMicrosoft.Keyvault",
              "type": "string"
            },
            "keyvaultproperties": {
              "description": "Keyvaultproperties: Properties provided by key vault.",
              "properties": {
                "currentVersionedKeyExpirationTimestamp": {
                  "description": "CurrentVersionedKeyExpirationTimestamp: This is a read only property that represents the expiration time of the current\nversion of the customer managed key used for encryption.",
                  "type": "string"
                },
                "currentVersionedKeyIdentifier": {
                  "description": "CurrentVersionedKeyIdentifier: The object identifier of the current versioned Key Vault Key in use.",
                  "type": "string"
                },
                "keyname": {
                  "description": "Keyname: The name of KeyVault key.",
                  "type": "string"
                },
                "keyvaulturi": {
                  "description": "Keyvaulturi: The Uri of KeyVault.",
                  "type": "string"
                },
                "keyversion": {
                  "description": "Keyversion: The version of KeyVault key.",
                  "type": "string"
                },
                "lastKeyRotationTimestamp": {
                  "description": "LastKeyRotationTimestamp: Timestamp of last rotation of the Key Vault Key.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "requireInfrastructureEncryption": {
              "description": "RequireInfrastructureEncryption: A boolean indicating whether or not the service applies a secondary layer of encryption\nwith platform managed keys for data at rest.",
              "type": "boolean"
            },
            "services": {
              "description": "Services: List of services which support encryption.",
              "properties": {
                "blob": {
                  "description": "Blob: The encryption function of the blob storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "type": "string"
                    },
                    "lastEnabledTime": {
                      "description": "LastEnabledTime: Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is\nencrypted at rest by default today and cannot be disabled.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "file": {
                  "description": "File: The encryption function of the file storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "type": "string"
                    },
                    "lastEnabledTime": {
                      "description": "LastEnabledTime: Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is\nencrypted at rest by default today and cannot be disabled.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "queue": {
                  "description": "Queue: The encryption function of the queue storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "type": "string"
                    },
                    "lastEnabledTime": {
                      "description": "LastEnabledTime: Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is\nencrypted at rest by default today and cannot be disabled.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "table": {
                  "description": "Table: The encryption function of the table storage service.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled: A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is\nenabled by default today and cannot be disabled.",
                      "type": "boolean"
                    },
                    "keyType": {
                      "description": "KeyType: Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped\nencryption key will be used. 'Service' key type implies that a default service key is used.",
                      "type": "string"
                    },
                    "lastEnabledTime": {
                      "description": "LastEnabledTime: Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is\nencrypted at rest by default today and cannot be disabled.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "extendedLocation": {
          "description": "ExtendedLocation: The extendedLocation of the resource.",
          "properties": {
            "name": {
              "description": "Name: The name of the extended location.",
              "type": "string"
            },
            "type": {
              "description": "Type: The type of the extended location.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "failoverInProgress": {
          "description": "FailoverInProgress: If the failover is in progress, the value will be true, otherwise, it will be null.",
          "type": "boolean"
        },
        "geoReplicationStats": {
          "description": "GeoReplicationStats: Geo Replication Stats",
          "properties": {
            "canFailover": {
              "description": "CanFailover: A boolean flag which indicates whether or not account failover is supported for the account.",
              "type": "boolean"
            },
            "canPlannedFailover": {
              "description": "CanPlannedFailover: A boolean flag which indicates whether or not planned account failover is supported for the account.",
              "type": "boolean"
            },
            "lastSyncTime": {
              "description": "LastSyncTime: All primary writes preceding this UTC date/time value are guaranteed to be available for read operations.\nPrimary writes following this point in time may or may not be available for reads. Element may be default value if value\nof LastSyncTime is not available, this can happen if secondary is offline or we are in bootstrap.",
              "type": "string"
            },
            "postFailoverRedundancy": {
              "description": "PostFailoverRedundancy: The redundancy type of the account after an account failover is performed.",
              "type": "string"
            },
            "postPlannedFailoverRedundancy": {
              "description": "PostPlannedFailoverRedundancy: The redundancy type of the account after a planned account failover is performed.",
              "type": "string"
            },
            "status": {
              "description": "Status: The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is\nactive and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary\nlocation is in progress. This typically occurs when replication is first enabled. - Unavailable: Indicates that the\nsecondary location is temporarily unavailable.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "id": {
          "description": "Id: Fully qualified resource ID for the resource. Ex -\n/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}",
          "type": "string"
        },
        "identity": {
          "description": "Identity: The identity of the resource.",
          "properties": {
            "principalId": {
              "description": "PrincipalId: The principal ID of resource identity.",
              "type": "string"
            },
            "tenantId": {
              "description": "TenantId: The tenant ID of resource.",
              "type": "string"
            },
            "type": {
              "description": "Type: The identity type.",
              "type": "string"
            },
            "userAssignedIdentities": {
              "additionalProperties": {
                "description": "UserAssignedIdentity for the resource.",
                "properties": {
                  "clientId": {
                    "description": "ClientId: The client ID of the identity.",
                    "type": "string"
                  },
                  "principalId": {
                    "description": "PrincipalId: The principal ID of the identity.",
                    "type": "string"
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "description": "UserAssignedIdentities: Gets or sets a list of key value pairs that describe the set of User Assigned identities that\nwill be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned\nidentity is permitted here.",
              "type": "object"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "immutableStorageWithVersioning": {
          "description": "ImmutableStorageWithVersioning: The property is immutable and can only be set to true at the account creation time. When\nset to true, it enables object level immutability for all the containers in the account by default.",
          "properties": {
            "enabled": {
              "description": "Enabled: A boolean flag which enables account-level immutability. All the containers under such an account have\nobject-level immutability enabled by default.",
              "type": "boolean"
            },
            "immutabilityPolicy": {
              "description": "ImmutabilityPolicy: Specifies the default account-level immutability policy which is inherited and applied to objects\nthat do not possess an explicit immutability policy at the object level. The object-level immutability policy has higher\nprecedence than the container-level immutability policy, which has a higher precedence than the account-level\nimmutability policy.",
              "properties": {
                "allowProtectedAppendWrites": {
                  "description": "AllowProtectedAppendWrites: This property can only be changed for disabled and unlocked time-based retention policies.\nWhen enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only\nnew blocks can be added and any existing blocks cannot be modified or deleted.",
                  "type": "boolean"
                },
                "immutabilityPeriodSinceCreationInDays": {
                  "description": "ImmutabilityPeriodSinceCreationInDays: The immutability period for the blobs in the container since the policy creation,\nin days.",
                  "type": "integer"
                },
                "state": {
                  "description": "State: The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state\nallows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites\nproperty, Locked state only allows the increase of the immutability retention time. A policy can only be created in a\nDisabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition\nto a Locked state which cannot be reverted.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "isHnsEnabled": {
          "description": "IsHnsEnabled: Account HierarchicalNamespace enabled if set to true.",
          "type": "boolean"
        },
        "isLocalUserEnabled": {
          "description": "IsLocalUserEnabled: Enables local users feature, if set to true",
          "type": "boolean"
        },
        "isNfsV3Enabled": {
          "description": "IsNfsV3Enabled: NFS 3.0 protocol support enabled if set to true.",
          "type": "boolean"
        },
        "isSftpEnabled": {
          "description": "IsSftpEnabled: Enables Secure File Transfer Protocol, if set to true",
          "type": "boolean"
        },
        "isSkuConversionBlocked": {
          "description": "IsSkuConversionBlocked: This property will be set to true or false on an event of ongoing migration. Default value is\nnull.",
          "type": "boolean"
        },
        "keyCreationTime": {
          "description": "KeyCreationTime: Storage account keys creation time.",
          "properties": {
            "key1": {
              "type": "string"
            },
            "key2": {
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "keyPolicy": {
          "description": "KeyPolicy: KeyPolicy assigned to the storage account.",
          "properties": {
            "keyExpirationPeriodInDays": {
              "description": "KeyExpirationPeriodInDays: The key expiration period in days.",
              "type": "integer"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "kind": {
          "description": "Kind: Gets the Kind.",
          "type": "string"
        },
        "largeFileSharesState": {
          "description": "LargeFileSharesState: Allow large file shares if set to Enabled. It cannot be disabled once it is enabled.",
          "type": "string"
        },
        "lastGeoFailoverTime": {
          "description": "LastGeoFailoverTime: Gets the timestamp of the most recent instance of a failover to the secondary location. Only the\nmost recent timestamp is retained. This element is not returned if there has never been a failover instance. Only\navailable if the accountType is Standard_GRS or Standard_RAGRS.",
          "type": "string"
        },
        "location": {
          "description": "Location: The geo-location where the resource lives",
          "type": "string"
        },
        "minimumTlsVersion": {
          "description": "MinimumTlsVersion: Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS\n1.0 for this property, so requests using TLS 1.0 are permitted unless a higher minimum is set explicitly.",
          "type": "string"
        },
        "name": {
          "description": "Name: The name of the resource",
          "type": "string"
        },
        "networkAcls": {
          "description": "NetworkAcls: Network rule set",
          "properties": {
            "bypass": {
              "description": "Bypass: Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of\nLogging|Metrics|AzureServices (For example, \"Logging, Metrics\"), or None to bypass none of that traffic.",
              "type": "string"
            },
            "defaultAction": {
              "description": "DefaultAction: Specifies the default action of allow or deny when no other rules match.",
              "type": "string"
            },
            "ipRules": {
              "description": "IpRules: Sets the IP ACL rules",
              "items": {
                "description": "IP rule with specific IP or IP range in CIDR format.",
                "properties": {
                  "action": {
                    "description": "Action: The action of IP ACL rule.",
                    "type": "string"
                  },
                  "value": {
                    "description": "Value: Specifies the IP or IP range in CIDR format. Only IPv4 addresses are allowed.",
                    "type": "string"
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            },
            "resourceAccessRules": {
              "description": "ResourceAccessRules: Sets the resource access rules",
              "items": {
                "description": "Resource Access Rule.",
                "properties": {
                  "resourceId": {
                    "description": "ResourceId: Resource Id",
                    "type": "string"
                  },
                  "tenantId": {
                    "description": "TenantId: Tenant Id",
                    "type": "string"
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            },
            "virtualNetworkRules": {
              "description": "VirtualNetworkRules: Sets the virtual network rules",
              "items": {
                "description": "Virtual Network rule.",
                "properties": {
                  "action": {
                    "description": "Action: The action of virtual network rule.",
                    "type": "string"
                  },
                  "id": {
                    "description": "Id: Resource ID of a subnet, for example:\n/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.",
                    "type": "string"
                  },
                  "state": {
                    "description": "State: Gets the state of virtual network rule.",
                    "type": "string"
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "primaryEndpoints": {
          "description": "PrimaryEndpoints: Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that\nStandard_ZRS and Premium_LRS accounts only return the blob endpoint.",
          "properties": {
            "blob": {
              "description": "Blob: Gets the blob endpoint.",
              "type": "string"
            },
            "dfs": {
              "description": "Dfs: Gets the dfs endpoint.",
              "type": "string"
            },
            "file": {
              "description": "File: Gets the file endpoint.",
              "type": "string"
            },
            "internetEndpoints": {
              "description": "InternetEndpoints: Gets the internet routing storage endpoints",
              "properties": {
                "blob": {
                  "description": "Blob: Gets the blob endpoint.",
                  "type": "string"
                },
                "dfs": {
                  "description": "Dfs: Gets the dfs endpoint.",
                  "type": "string"
                },
                "file": {
                  "description": "File: Gets the file endpoint.",
                  "type": "string"
                },
                "web": {
                  "description": "Web: Gets the web endpoint.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "microsoftEndpoints": {
              "description": "MicrosoftEndpoints: Gets the microsoft routing storage endpoints.",
              "properties": {
                "blob": {
                  "description": "Blob: Gets the blob endpoint.",
                  "type": "string"
                },
                "dfs": {
                  "description": "Dfs: Gets the dfs endpoint.",
                  "type": "string"
                },
                "file": {
                  "description": "File: Gets the file endpoint.",
                  "type": "string"
                },
                "queue": {
                  "description": "Queue: Gets the queue endpoint.",
                  "type": "string"
                },
                "table": {
                  "description": "Table: Gets the table endpoint.",
                  "type": "string"
                },
                "web": {
                  "description": "Web: Gets the web endpoint.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "queue": {
              "description": "Queue: Gets the queue endpoint.",
              "type": "string"
            },
            "table": {
              "description": "Table: Gets the table endpoint.",
              "type": "string"
            },
            "web": {
              "description": "Web: Gets the web endpoint.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "primaryLocation": {
          "description": "PrimaryLocation: Gets the location of the primary data center for the storage account.",
          "type": "string"
        },
        "privateEndpointConnections": {
          "description": "PrivateEndpointConnections: List of private endpoint connections associated with the specified storage account",
          "items": {
            "description": "The Private Endpoint Connection resource.",
            "properties": {
              "id": {
                "description": "Id: Fully qualified resource ID for the resource. Ex -\n/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}",
                "type": "string"
              }
            },
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "provisioningState": {
          "description": "ProvisioningState: Gets the status of the storage account at the time the operation was called.",
          "type": "string"
        },
        "publicNetworkAccess": {
          "description": "PublicNetworkAccess: Allow or disallow public network access to Storage Account. Value is optional but if passed in,\nmust be 'Enabled' or 'Disabled'.",
          "type": "string"
        },
        "routingPreference": {
          "description": "RoutingPreference: Maintains information about the network routing choice opted by the user for data transfer",
          "properties": {
            "publishInternetEndpoints": {
              "description": "PublishInternetEndpoints: A boolean flag which indicates whether internet routing storage endpoints are to be published",
              "type": "boolean"
            },
            "publishMicrosoftEndpoints": {
              "description": "PublishMicrosoftEndpoints: A boolean flag which indicates whether microsoft routing storage endpoints are to be published",
              "type": "boolean"
            },
            "routingChoice": {
              "description": "RoutingChoice: Routing Choice defines the kind of network routing opted by the user.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "sasPolicy": {
          "description": "SasPolicy: SasPolicy assigned to the storage account.",
          "properties": {
            "expirationAction": {
              "description": "ExpirationAction: The SAS expiration action. Can only be Log.",
              "type": "string"
            },
            "sasExpirationPeriod": {
              "description": "SasExpirationPeriod: The SAS expiration period, DD.HH:MM:SS.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "secondaryEndpoints": {
          "description": "SecondaryEndpoints: Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the\nsecondary location of the storage account. Only available if the SKU name is Standard_RAGRS.",
          "properties": {
            "blob": {
              "description": "Blob: Gets the blob endpoint.",
              "type": "string"
            },
            "dfs": {
              "description": "Dfs: Gets the dfs endpoint.",
              "type": "string"
            },
            "file": {
              "description": "File: Gets the file endpoint.",
              "type": "string"
            },
            "internetEndpoints": {
              "description": "InternetEndpoints: Gets the internet routing storage endpoints",
              "properties": {
                "blob": {
                  "description": "Blob: Gets the blob endpoint.",
                  "type": "string"
                },
                "dfs": {
                  "description": "Dfs: Gets the dfs endpoint.",
                  "type": "string"
                },
                "file": {
                  "description": "File: Gets the file endpoint.",
                  "type": "string"
                },
                "web": {
                  "description": "Web: Gets the web endpoint.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "microsoftEndpoints": {
              "description": "MicrosoftEndpoints: Gets the microsoft routing storage endpoints.",
              "properties": {
                "blob": {
                  "description": "Blob: Gets the blob endpoint.",
                  "type": "string"
                },
                "dfs": {
                  "description": "Dfs: Gets the dfs endpoint.",
                  "type": "string"
                },
                "file": {
                  "description": "File: Gets the file endpoint.",
                  "type": "string"
                },
                "queue": {
                  "description": "Queue: Gets the queue endpoint.",
                  "type": "string"
                },
                "table": {
                  "description": "Table: Gets the table endpoint.",
                  "type": "string"
                },
                "web": {
                  "description": "Web: Gets the web endpoint.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "queue": {
              "description": "Queue: Gets the queue endpoint.",
              "type": "string"
            },
            "table": {
              "description": "Table: Gets the table endpoint.",
              "type": "string"
            },
            "web": {
              "description": "Web: Gets the web endpoint.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "secondaryLocation": {
          "description": "SecondaryLocation: Gets the location of the geo-replicated secondary for the storage account. Only available if the\naccountType is Standard_GRS or Standard_RAGRS.",
          "type": "string"
        },
        "sku": {
          "description": "Sku: Gets the SKU.",
          "properties": {
            "name": {
              "description": "Name: The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called\n accountType.",
              "type": "string"
            },
            "tier": {
              "description": "Tier: The SKU tier. This is based on the SKU name.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "statusOfPrimary": {
          "description": "StatusOfPrimary: Gets the status indicating whether the primary location of the storage account is available or\nunavailable.",
          "type": "string"
        },
        "statusOfSecondary": {
          "description": "StatusOfSecondary: Gets the status indicating whether the secondary location of the storage account is available or\nunavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS.",
          "type": "string"
        },
        "storageAccountSkuConversionStatus": {
          "description": "StorageAccountSkuConversionStatus: This property is readOnly and is set by the server during asynchronous storage account\nsku conversion operations.",
          "properties": {
            "endTime": {
              "description": "EndTime: This property represents the sku conversion end time.",
              "type": "string"
            },
            "skuConversionStatus": {
              "description": "SkuConversionStatus: This property indicates the current sku conversion status.",
              "type": "string"
            },
            "startTime": {
              "description": "StartTime: This property represents the sku conversion start time.",
              "type": "string"
            },
            "targetSkuName": {
              "description": "TargetSkuName: This property represents the target sku name to which the account sku is being converted asynchronously.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "supportsHttpsTrafficOnly": {
          "description": "SupportsHttpsTrafficOnly: Allows only HTTPS traffic to the storage service if set to true.",
          "type": "boolean"
        },
        "tags": {
          "additionalProperties": {
            "type": "string"
          },
          "description": "Tags: Resource tags.",
          "type": "object"
        },
        "type": {
          "description": "Type: The type of the resource. E.g. \"Microsoft.Compute/virtualMachines\" or \"Microsoft.Storage/storageAccounts\"",
          "type": "string"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}
