diff --git a/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json b/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
new file mode 100644
index 000000000000..c98b0da9ce89
--- /dev/null
+++ b/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
@@ -0,0 +1,121 @@
+{
+ "parameters": {
+ "subscriptionId": "{subscription-id}",
+ "resourceGroupName": "res9101",
+ "accountName": "sto4445",
+ "api-version": "2020-08-01-preview",
+ "parameters": {
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
+ }
+ },
+ "sku": {
+ "name": "Standard_LRS"
+ },
+ "kind": "Storage",
+ "location": "eastus",
+ "properties": {
+ "encryption": {
+ "services": {
+ "file": {
+ "keyType": "Account",
+ "enabled": true
+ },
+ "blob": {
+ "keyType": "Account",
+ "enabled": true
+ }
+ },
+ "keyvaultproperties": {
+ "keyvaulturi": "https://myvault8569.vault.azure.net",
+ "keyname": "wrappingKey",
+ "keyversion": ""
+ },
+ "keySource": "Microsoft.Keyvault",
+ "identity": {
+ "type": "ManagedServiceIdentity",
+ "userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "identity": {
+ "userAssignedIdentities": {
+ "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
+ "principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
+ "tenantId": "f14da12a-1e85-4c31-ae98-bcf5608d2266",
+ "clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
+ }
+ },
+ "type": "UserAssigned"
+ },
+ "sku": {
+ "name": "Standard_LRS",
+ "tier": "Standard"
+ },
+ "kind": "StorageV2",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
+ "name": "sto4445",
+ "type": "Microsoft.Storage/storageAccounts",
+ "location": "eastus",
+ "tags": {},
+ "properties": {
+ "privateEndpointConnections": [],
+ "networkAcls": {
+ "bypass": "AzureServices",
+ "virtualNetworkRules": [],
+ "ipRules": [],
+ "defaultAction": "Allow"
+ },
+ "supportsHttpsTrafficOnly": true,
+ "encryption": {
+ "identity": {
+ "type": "ManagedServiceIdentity",
+ "userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
+ },
+ "keyvaultproperties": {
+ "keyvaulturi": "https://myvault8569.vault.azure.net",
+ "keyname": "wrappingKey",
+ "keyversion": "",
+ "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
+ "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
+ },
+ "services": {
+ "file": {
+ "keyType": "Account",
+ "enabled": true,
+ "lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
+ },
+ "blob": {
+ "keyType": "Account",
+ "enabled": true,
+ "lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
+ }
+ },
+ "keySource": "Microsoft.Keyvault"
+ },
+ "accessTier": "Hot",
+ "provisioningState": "Succeeded",
+ "creationTime": "2020-12-15T00:43:14.0839093Z",
+ "primaryEndpoints": {
+ "web": "https://sto4445.web.core.windows.net/",
+ "dfs": "https://sto4445.dfs.core.windows.net/",
+ "blob": "https://sto4445.blob.core.windows.net/",
+ "file": "https://sto4445.file.core.windows.net/",
+ "queue": "https://sto4445.queue.core.windows.net/",
+ "table": "https://sto4445.table.core.windows.net/"
+ },
+ "primaryLocation": "eastus",
+ "statusOfPrimary": "available"
+ }
+ }
+ },
+ "202": {}
+ }
+}
diff --git a/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json b/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json
new file mode 100644
index 000000000000..db5e78ed1dd8
--- /dev/null
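Review bot: In the 200 body of StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json, `encryption.identity.userAssignedIdentity` is spelled with `/resourcegroups/` while the key under `identity.userAssignedIdentities` and the request both use `/resourceGroups/`, so the two read as different identities to anyone comparing them as plain strings. Either give the response the same casing or have the `userAssignedIdentity` description state that resource IDs are compared case-insensitively; the Update example carries the same mismatch. Both examples also send `"kind": "Storage"` and get back `"kind": "StorageV2"`, which one side should correct. The `principalId`, `tenantId`, `clientId` and versioned key identifier look as if they were captured from a live response; if so, swap them for clearly synthetic values, the way the subscription is already written as `{subscription-id}`.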
+++ b/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json 
@@ -0,0 +1,119 @@
+{
+ "parameters": {
+ "subscriptionId": "{subscription-id}",
+ "resourceGroupName": "res9101",
+ "accountName": "sto4445",
+ "api-version": "2020-08-01-preview",
+ "parameters": {
+ "identity": {
+ "type": "UserAssigned",
+ "userAssignedIdentities": {
+ "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
+ }
+ },
+ "sku": {
+ "name": "Standard_LRS"
+ },
+ "kind": "Storage",
+ "properties": {
+ "encryption": {
+ "services": {
+ "file": {
+ "keyType": "Account",
+ "enabled": true
+ },
+ "blob": {
+ "keyType": "Account",
+ "enabled": true
+ }
+ },
+ "keyvaultproperties": {
+ "keyvaulturi": "https://myvault8569.vault.azure.net",
+ "keyname": "wrappingKey",
+ "keyversion": ""
+ },
+ "keySource": "Microsoft.Keyvault",
+ "identity": {
+ "type": "ManagedServiceIdentity",
+ "userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "identity": {
+ "userAssignedIdentities": {
+ "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
+ "principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7",
+ "tenantId": "f14da12a-1e85-4c31-ae98-bcf5608d2266",
+ "clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5"
+ }
+ },
+ "type": "UserAssigned"
+ },
+ "sku": {
+ "name": "Standard_LRS",
+ "tier": "Standard"
+ },
+ "kind": "StorageV2",
+ "id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
+ "name": "sto4445",
+ "type": "Microsoft.Storage/storageAccounts",
+ "location": "eastus",
+ "tags": {},
+ "properties": {
+ "privateEndpointConnections": [],
+ "networkAcls": {
+ "bypass": "AzureServices",
+ "virtualNetworkRules": [],
+ "ipRules": [],
+ "defaultAction": "Allow"
+ },
+ "supportsHttpsTrafficOnly": true,
+ "encryption": {
+ "identity": {
+ "type": "ManagedServiceIdentity",
+ "userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
+ },
+ "keyvaultproperties": {
+ "keyvaulturi": "https://myvault8569.vault.azure.net",
+ "keyname": "wrappingKey",
+ "keyversion": "",
+ "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
+ "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
+ },
+ "services": {
+ "file": {
+ "keyType": "Account",
+ "enabled": true,
+ "lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
+ },
+ "blob": {
+ "keyType": "Account",
+ "enabled": true,
+ "lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
+ }
+ },
+ "keySource": "Microsoft.Keyvault"
+ },
+ "accessTier": "Hot",
+ "provisioningState": "Succeeded",
+ "creationTime": "2020-12-15T00:43:14.0839093Z",
+ "primaryEndpoints": {
+ "web": "https://sto4445.web.core.windows.net/",
+ "dfs": "https://sto4445.dfs.core.windows.net/",
+ "blob": "https://sto4445.blob.core.windows.net/",
+ "file": "https://sto4445.file.core.windows.net/",
+ "queue": "https://sto4445.queue.core.windows.net/",
+ "table": "https://sto4445.table.core.windows.net/"
+ },
+ "primaryLocation": "eastus",
+ "statusOfPrimary": "available"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/storage.json b/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/storage.json
index 9b4b10b75728..58a50c04a44c 100644
--- a/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/storage.json
+++ b/specification/storage/resource-manager/Microsoft.Storage/preview/2020-08-01-preview/storage.json
@@ -128,6 +128,9 @@
 "x-ms-examples": {
 "StorageAccountCreate": {
 "$ref": "./examples/StorageAccountCreate.json"
+ },
+ "StorageAccountCreateUserAssignedEncryptionIdentityWithCMK": {
+ "$ref": "./examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json"
 }
 },
 "parameters": [
@@ -267,6 +270,9 @@
 },
 "StorageAccountEnableCMK": {
 "$ref": "./examples/StorageAccountEnableCMK.json"
+ },
+ "StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK": {
+ "$ref": "./examples/StorageAccountUpdateUserAssignedEncryptionIdentityWithCMK.json"
 }
 },
 "parameters": [
@@ -2132,6 +2138,28 @@
 }
 }
 },
+ "EncryptionIdentity": {
+ "description": "Identity to be used for server-side encryption on the storage account",
+ "properties": {
+ "userAssignedIdentity": {
+ "type": "string",
+ "description": "ResourceID of the UserAssignedIdentity to be associated with server-side encryption on the storage account.",
+ "x-ms-client-name": "UserAssignedIdentity"
+ },
+ "type": {
+ "type": "string",
+ "description": "The Encryption Identity type.",
+ "enum": [
+ "ManagedServiceIdentity",
+ "StorageService"
+ ],
+ "x-ms-enum": {
+ "name": "EncryptionIdentityType",
+ "modelAsString": true
+ }
+ }
+ }
+ },
 "Encryption": {
 "properties": {
 "services": {
@@ -2160,6 +2188,11 @@
 "$ref": "#/definitions/KeyVaultProperties",
 "x-ms-client-name": "KeyVaultProperties",
 "description": "Properties provided by key vault."
+ },
+ "identity": {
+ "$ref": "#/definitions/EncryptionIdentity",
+ "x-ms-client-name": "EncryptionIdentity",
+ "description": "Encryption Identity properties when storage account is associated with a UserAssignedIdentity."
 }
 },
 "required": [
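Review bot: The new `EncryptionIdentity` definition (hunk `@@ -2132,6 +2138,28 @@`) does not say how its two fields relate: nothing states whether `userAssignedIdentity` is required when `type` is `ManagedServiceIdentity`, what `StorageService` selects, or whether the referenced identity has to be one of the keys in the account's `identity.userAssignedIdentities`. Since this appears to be the identity the service uses to reach the customer-managed key, the `type` description should explain each enum value and the `userAssignedIdentity` description should state that relationship, for example `"Resource ID of the user-assigned identity used to access the Key Vault key for server-side encryption."`, with the exact requirement confirmed against service behaviour. The definition also has no `"type": "object"`. The `identity` description added to `Encryption` in the last hunk on this line could say which identity is used when the property is omitted.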
@@ -2446,6 +2479,26 @@
 },
 "description": "The parameters used to create the storage account."
 },
+ "UserAssignedIdentityType": {
+ "properties": {
+ "principalId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The principal ID of resource identity."
+ },
+ "tenantId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The tenant ID of resource."
+ },
+ "clientId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The identity of the client"
+ }
+ },
+ "description": "UserAssignedIdentity for the resource."
+ },
 "Identity": {
 "properties": {
 "principalId": {
@@ -2462,11 +2515,21 @@
 "type": "string",
 "description": "The identity type.",
 "enum": [
- "SystemAssigned"
+ "SystemAssigned",
+ "UserAssigned",
+ "SystemAssigned,UserAssigned",
+ "None"
 ],
 "x-ms-enum": {
 "name": "IdentityType",
- "modelAsString": false
+ "modelAsString": true
+ }
+ },
+ "userAssignedIdentities": {
+ "type": "object",
+ "description": "Dictionary to map userAssignedIdentityID strings to userAssignedIdentity properties",
+ "additionalProperties": {
+ "$ref": "#/definitions/UserAssignedIdentityType"
 }
 }
 },
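Review bot: In `UserAssignedIdentityType`, the `clientId` description `"The identity of the client"` is vague and unpunctuated next to its siblings; something like `"The client ID of the user-assigned identity."` would say what the value is. `tenantId` reads `"The tenant ID of resource."`, which does not make clear whether it is the tenant of the identity or of the storage account. The definition also has no `"type": "object"`.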
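Review bot: Flipping `IdentityType` from `"modelAsString": false` to `true` (hunk `@@ -2462,11 +2515,21 @@`) turns the generated type from a closed enum into an extensible string, which is a breaking change for existing SDK callers of this API version; worth confirming that is intended for the preview. The `type` description still reads `"The identity type."` and gives no meaning for `None` or the combined `SystemAssigned,UserAssigned` value; because an account using a customer-managed key relies on its identity to reach the vault, the description should say what setting `None` does to identities already attached. The `userAssignedIdentities` description could also state that the keys are full resource IDs and that request values are empty objects, as the new examples show. The `Identity` definition starts and ends outside this hunk.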