[Storage] `az storage account: New features for 2025-08-01

src/azure-cli/azure/cli/command_modules/storage/_params.py

@@ -323,10 +323,10 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('account_name', acct_name_type, options_list=['--name', '-n'], local_context_attribute=None)
 
     with self.argument_context('storage account create', resource_type=ResourceType.MGMT_STORAGE) as c:
-        t_account_type, t_sku_name, t_kind, t_tls_version, t_dns_endpoint_type, t_zone_placement_policy = \
-            self.get_models('AccountType', 'SkuName', 'Kind', 'MinimumTlsVersion', 'DnsEndpointType',
-                            'ZonePlacementPolicy',
-                            resource_type=ResourceType.MGMT_STORAGE)
+        (t_account_type, t_sku_name, t_kind, t_tls_version, t_dns_endpoint_type, t_zone_placement_policy,
+         t_allowed_copy_scope) = self.get_models('AccountType', 'SkuName', 'Kind', 'MinimumTlsVersion',
+                                                 'DnsEndpointType', 'ZonePlacementPolicy', 'AllowedCopyScope',
+                                                 resource_type=ResourceType.MGMT_STORAGE)
         t_identity_type = self.get_models('IdentityType', resource_type=ResourceType.MGMT_STORAGE)
         c.register_common_storage_account_options()
         c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group)
@@ -447,6 +447,9 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('publish_ipv6_endpoint', arg_type=get_three_state_flag(),
                    arg_group='IPv6 Endpoint', is_preview=True,
                    help='A boolean flag which indicates whether IPv6 storage endpoints are to be published.')
+        c.argument('allowed_copy_scope', arg_type=get_enum_type(t_allowed_copy_scope),
+                   help='Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the '
+                        'same VNet.')
 
     with self.argument_context('storage account private-endpoint-connection',
                                resource_type=ResourceType.MGMT_STORAGE) as c:
@@ -550,6 +553,9 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('publish_ipv6_endpoint', arg_type=get_three_state_flag(),
                    arg_group='IPv6 Endpoint', is_preview=True,
                    help='A boolean flag which indicates whether IPv6 storage endpoints are to be published.')
+        c.argument('allowed_copy_scope', arg_type=get_enum_type(t_allowed_copy_scope),
+                   help='Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the '
+                        'same VNet.')
 
     for scope in ['storage account create', 'storage account update']:
         with self.argument_context(scope, arg_group='Customer managed key',
@@ -726,6 +732,20 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('enable_last_access_tracking', arg_type=get_three_state_flag(),
                    options_list=['--enable-last-access-tracking', '-t'],
                    help='When set to true last access time based tracking policy is enabled.')
+        c.argument('enable_static_website', arg_type=get_three_state_flag(), arg_group='Static Website',
+                   help='Indicates whether static website support is enabled for the specified account.')
+        c.argument('index_document', arg_group='Static Website',
+                   help='The webpage that Azure Storage serves for requests to the root of a website or any subfolder '
+                        '(for example, index.html).')
+        c.argument('default_index_document_path', arg_group='Static Website',
+                   options_list=['--default-index-document-path', '--default-index'],
+                   help='The absolute path where the default index file is present. This absolute path is mutually '
+                        'exclusive to "indexDocument" and it is case-sensitive.')
+        c.argument('error_document_404_path', arg_group='Static Website',
+                   options_list=['--error-document-404-path', '--404-document'],
+                   help="The absolute path to a webpage that Azure Storage serves for requests that don't correspond "
+                        "to an existing file. The contents of the page are returned with HTTP 404 Not Found. "
+                        "Only a single custom 404 page is supported in each static website.")
 
     with self.argument_context('storage account blob-service-properties cors-rule',
                                resource_type=ResourceType.MGMT_STORAGE) as c:
@@ -838,6 +858,8 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
                    help='Indicates whether object replication metrics feature is enabled for the policy.')
         c.argument('priority_replication', arg_type=get_three_state_flag(),
                    help='Indicates whether object replication priority replication feature is enabled for the policy.')
+        c.argument('tags_replication', arg_type=get_three_state_flag(),
+                   help='Indicates whether object replication tags replication feature is enabled for the policy.')
 
     for item in ['create', 'update']:
         with self.argument_context('storage account or-policy {}'.format(item),

src/azure-cli/azure/cli/command_modules/storage/operations/account.py

@@ -79,7 +79,8 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
                            immutability_period_since_creation_in_days=None, immutability_policy_state=None,
                            allow_protected_append_writes=None, public_network_access=None, dns_endpoint_type=None,
                            enable_smb_oauth=None, zones=None, zone_placement_policy=None,
-                           enable_blob_geo_priority_replication=None, publish_ipv6_endpoint=None):
+                           enable_blob_geo_priority_replication=None, publish_ipv6_endpoint=None,
+                           allowed_copy_scope=None):
     StorageAccountCreateParameters, Kind, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet = \
         cmd.get_models('StorageAccountCreateParameters', 'Kind', 'Sku', 'CustomDomain', 'AccessTier', 'Identity',
                        'Encryption', 'NetworkRuleSet')
@@ -334,6 +335,9 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
             publish_ipv6_endpoint=publish_ipv6_endpoint
         )
 
+    if allowed_copy_scope is not None:
+        params.allowed_copy_scope = allowed_copy_scope
+
     return scf.storage_accounts.begin_create(resource_group_name, account_name, params)
 
 
@@ -429,7 +433,8 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
                            immutability_period_since_creation_in_days=None, immutability_policy_state=None,
                            allow_protected_append_writes=None, public_network_access=None, upgrade_to_storagev2=None,
                            yes=None, enable_smb_oauth=None, zones=None, zone_placement_policy=None,
-                           enable_blob_geo_priority_replication=None, publish_ipv6_endpoint=None):
+                           enable_blob_geo_priority_replication=None, publish_ipv6_endpoint=None,
+                           allowed_copy_scope=None):
     StorageAccountUpdateParameters, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet, Kind = \
         cmd.get_models('StorageAccountUpdateParameters', 'Sku', 'CustomDomain', 'AccessTier', 'Identity', 'Encryption',
                        'NetworkRuleSet', 'Kind')
@@ -753,6 +758,9 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
             publish_ipv6_endpoint=publish_ipv6_endpoint
         )
 
+    if allowed_copy_scope is not None:
+        params.allowed_copy_scope = allowed_copy_scope
+
     return params
 
 
@@ -924,7 +932,8 @@ def update_blob_service_properties(cmd, instance, enable_change_feed=None, chang
                                    enable_restore_policy=None, restore_days=None,
                                    enable_versioning=None, enable_container_delete_retention=None,
                                    container_delete_retention_days=None, default_service_version=None,
-                                   enable_last_access_tracking=None):
+                                   enable_last_access_tracking=None, enable_static_website=None,
+                                   index_document=None, default_index_document_path=None, error_document_404_path=None):
     if enable_change_feed is not None:
         if enable_change_feed is False:
             change_feed_retention_days = None
@@ -960,6 +969,13 @@ def update_blob_service_properties(cmd, instance, enable_change_feed=None, chang
         LastAccessTimeTrackingPolicy = cmd.get_models('LastAccessTimeTrackingPolicy')
         instance.last_access_time_tracking_policy = LastAccessTimeTrackingPolicy(enable=enable_last_access_tracking)
 
+    if enable_static_website is not None or index_document or default_index_document_path or error_document_404_path:
+        StaticWebsite = cmd.get_models('StaticWebsite')
+        instance.static_website = StaticWebsite(enabled=enable_static_website,
+                                                index_document=index_document,
+                                                default_index_document_path=default_index_document_path,
+                                                error_document404_path=error_document_404_path)
+
     return instance
 
 
@@ -1079,13 +1095,15 @@ def list_encryption_scope(client, resource_group_name, account_name,
 def create_or_policy(cmd, client, account_name, resource_group_name=None, properties=None, source_account=None,
                      destination_account=None, policy_id="default", rule_id=None, source_container=None,
                      destination_container=None, min_creation_time=None, prefix_match=None, enable_metrics=None,
-                     priority_replication=None):
+                     priority_replication=None, tags_replication=None):
     from azure.core.exceptions import HttpResponseError
     (ObjectReplicationPolicy, ObjectReplicationPolicyRule, ObjectReplicationPolicyFilter,
-     ObjectReplicationPolicyPropertiesMetrics, ObjectReplicationPolicyPropertiesPriorityReplication) = \
+     ObjectReplicationPolicyPropertiesMetrics, ObjectReplicationPolicyPropertiesPriorityReplication,
+     ObjectReplicationPolicyPropertiesTagsReplication) = \
         cmd.get_models('ObjectReplicationPolicy', 'ObjectReplicationPolicyRule', 'ObjectReplicationPolicyFilter',
                        'ObjectReplicationPolicyPropertiesMetrics',
-                       'ObjectReplicationPolicyPropertiesPriorityReplication')
+                       'ObjectReplicationPolicyPropertiesPriorityReplication',
+                       'ObjectReplicationPolicyPropertiesTagsReplication')
 
     if properties is None:
         rules = []
@@ -1102,7 +1120,9 @@ def create_or_policy(cmd, client, account_name, resource_group_name=None, proper
                                             rules=rules,
                                             metrics=ObjectReplicationPolicyPropertiesMetrics(enabled=enable_metrics),
                                             priority_replication=ObjectReplicationPolicyPropertiesPriorityReplication(
-                                                enabled=priority_replication))
+                                                enabled=priority_replication),
+                                            tags_replication=ObjectReplicationPolicyPropertiesTagsReplication(
+                                                enabled=tags_replication))
     else:
         rules = []
         if properties.get('rules'):
@@ -1119,7 +1139,9 @@ def create_or_policy(cmd, client, account_name, resource_group_name=None, proper
                                             rules=rules,
                                             metrics=ObjectReplicationPolicyPropertiesMetrics(enabled=properties.get('metrics').get('enabled')),
                                             priority_replication=ObjectReplicationPolicyPropertiesPriorityReplication(
-                                                enabled=properties.get('priorityReplication').get('enabled')))
+                                                enabled=properties.get('priorityReplication').get('enabled')),
+                                            tags_replication=ObjectReplicationPolicyPropertiesTagsReplication(
+                                                enabled=properties.get('tagsReplication').get('enabled')))
     try:
         return client.create_or_update(resource_group_name=resource_group_name, account_name=account_name,
                                        object_replication_policy_id=policy_id, properties=or_policy)
@@ -1135,12 +1157,14 @@ def create_or_policy(cmd, client, account_name, resource_group_name=None, proper
 # pylint: disable=line-too-long
 def update_or_policy(cmd, client, parameters, resource_group_name, account_name, object_replication_policy_id=None,
                      properties=None, source_account=None, destination_account=None, enable_metrics=None,
-                     priority_replication=None):
+                     priority_replication=None, tags_replication=None):
     (ObjectReplicationPolicy, ObjectReplicationPolicyRule, ObjectReplicationPolicyFilter,
-     ObjectReplicationPolicyPropertiesMetrics, ObjectReplicationPolicyPropertiesPriorityReplication) = \
+     ObjectReplicationPolicyPropertiesMetrics, ObjectReplicationPolicyPropertiesPriorityReplication,
+     ObjectReplicationPolicyPropertiesTagsReplication) = \
         cmd.get_models('ObjectReplicationPolicy', 'ObjectReplicationPolicyRule', 'ObjectReplicationPolicyFilter',
                        'ObjectReplicationPolicyPropertiesMetrics',
-                       'ObjectReplicationPolicyPropertiesPriorityReplication')
+                       'ObjectReplicationPolicyPropertiesPriorityReplication',
+                       'ObjectReplicationPolicyPropertiesTagsReplication')
 
     if source_account is not None:
         parameters.source_account = source_account
@@ -1164,7 +1188,9 @@ def update_or_policy(cmd, client, parameters, resource_group_name, account_name,
                                              metrics=ObjectReplicationPolicyPropertiesMetrics(
                                                  enabled=properties.get('metrics').get('enabled')),
                                              priority_replication=ObjectReplicationPolicyPropertiesPriorityReplication(
-                                                 enabled=properties.get('priorityReplication').get('enabled')))
+                                                 enabled=properties.get('priorityReplication').get('enabled')),
+                                             tags_replication=ObjectReplicationPolicyPropertiesTagsReplication(
+                                                 enabled=properties.get('tagsReplication').get('enabled')))
         if "policyId" in properties.keys() and properties["policyId"]:
             object_replication_policy_id = properties["policyId"]
 
@@ -1174,6 +1200,9 @@ def update_or_policy(cmd, client, parameters, resource_group_name, account_name,
     if priority_replication is not None:
         parameters.priority_replication = ObjectReplicationPolicyPropertiesPriorityReplication(enabled=priority_replication)
 
+    if tags_replication is not None:
+        parameters.tags_replication = ObjectReplicationPolicyPropertiesTagsReplication(enabled=tags_replication)
+
     return client.create_or_update(resource_group_name=resource_group_name, account_name=account_name,
                                    object_replication_policy_id=object_replication_policy_id, properties=parameters)