storage.azure.com/v1api20210401

"2021-04-01"

AzureStorageSid: Specifies the security identifier (SID) for Azure Storage.

DomainGuid: Specifies the domain GUID.

DomainName: Specifies the primary domain that the AD DNS server is authoritative for.

DomainSid: Specifies the security identifier (SID).

ForestName: Specifies the Active Directory forest to get.

NetBiosDomainName: Specifies the NetBIOS domain name.

AzureStorageSid: Specifies the security identifier (SID) for Azure Storage.

DomainGuid: Specifies the domain GUID.

DomainName: Specifies the primary domain that the AD DNS server is authoritative for.

DomainSid: Specifies the security identifier (SID).

ForestName: Specifies the Active Directory forest to get.

NetBiosDomainName: Specifies the NetBIOS domain name.

ActiveDirectoryProperties: Required if choose AD.

DefaultSharePermission: Default share permission for users using Kerberos authentication if RBAC role is not assigned.

DirectoryServiceOptions: Indicates the directory service used.

"None"

"StorageFileDataSmbShareContributor"

"StorageFileDataSmbShareElevatedContributor"

"StorageFileDataSmbShareOwner"

"StorageFileDataSmbShareReader"

"None"

"StorageFileDataSmbShareContributor"

"StorageFileDataSmbShareElevatedContributor"

"StorageFileDataSmbShareOwner"

"StorageFileDataSmbShareReader"

"AADDS"

"AD"

"None"

"AADDS"

"AD"

"None"

ActiveDirectoryProperties: Required if choose AD.

DefaultSharePermission: Default share permission for users using Kerberos authentication if RBAC role is not assigned.

DirectoryServiceOptions: Indicates the directory service used.

BlobRanges: Blob ranges to restore.

TimeToRestore: Restore blob to the specified time.

EndRange: Blob end range. This is exclusive. Empty means account end.

StartRange: Blob start range. This is inclusive. Empty means account start.

FailureReason: Failure reason when blob restore is failed.

Parameters: Blob restore request parameters.

RestoreId: Id for tracking blob restore request.

Status: The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.

"Complete"

"Failed"

"InProgress"

Enabled: Indicates whether change feed event logging is enabled for the Blob service.

RetentionInDays: Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed.

Enabled: Indicates whether change feed event logging is enabled for the Blob service.

RetentionInDays: Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed.

"Fixed"

"Infinite"

"Available"

"Breaking"

"Broken"

"Expired"

"Leased"

"Locked"

"Unlocked"

"Blob"

"Container"

"None"

"Blob"

"Container"

"None"

AllowedHeaders: Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request.

AllowedMethods: Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin.

AllowedOrigins: Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or “*” to allow all domains

ExposedHeaders: Required if CorsRule element is present. A list of response headers to expose to CORS clients.

MaxAgeInSeconds: Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response.

"DELETE"

"GET"

"HEAD"

"MERGE"

"OPTIONS"

"POST"

"PUT"

"DELETE"

"GET"

"HEAD"

"MERGE"

"OPTIONS"

"POST"

"PUT"

AllowedHeaders: Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request.

AllowedMethods: Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin.

AllowedOrigins: Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or “*” to allow all domains

ExposedHeaders: Required if CorsRule element is present. A list of response headers to expose to CORS clients.

MaxAgeInSeconds: Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response.

CorsRules: The List of CORS rules. You can include up to five CorsRule elements in the request.

CorsRules: The List of CORS rules. You can include up to five CorsRule elements in the request.

Name: Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.

UseSubDomainName: Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates.

Name: Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.

UseSubDomainName: Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates.

DaysAfterCreationGreaterThan: Value indicating the age in days after creation

DaysAfterCreationGreaterThan: Value indicating the age in days after creation

DaysAfterLastAccessTimeGreaterThan: Value indicating the age in days after last blob access. This property can only be used in conjunction with last access time tracking policy

DaysAfterModificationGreaterThan: Value indicating the age in days after last modification

DaysAfterLastAccessTimeGreaterThan: Value indicating the age in days after last blob access. This property can only be used in conjunction with last access time tracking policy

DaysAfterModificationGreaterThan: Value indicating the age in days after last modification

Days: Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365.

Enabled: Indicates whether DeleteRetentionPolicy is enabled.

Days: Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365.

Enabled: Indicates whether DeleteRetentionPolicy is enabled.

Identity: The identity to be used with service-side encryption at rest.

KeySource: The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

Keyvaultproperties: Properties provided by key vault.

RequireInfrastructureEncryption: A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

Services: List of services which support encryption.

UserAssignedIdentityReference: Resource identifier of the UserAssigned identity to be associated with server-side encryption on the storage account.

UserAssignedIdentity: Resource identifier of the UserAssigned identity to be associated with server-side encryption on the storage account.

Enabled: A boolean indicating whether or not the service encrypts the data as it is stored.

KeyType: Encryption key type to be used for the encryption service. ‘Account’ key type implies that an account-scoped encryption key will be used. ‘Service’ key type implies that a default service key is used.

"Account"

"Service"

"Account"

"Service"

Enabled: A boolean indicating whether or not the service encrypts the data as it is stored.

KeyType: Encryption key type to be used for the encryption service. ‘Account’ key type implies that an account-scoped encryption key will be used. ‘Service’ key type implies that a default service key is used.

LastEnabledTime: Gets a rough estimate of the date/time when the encryption was last enabled by the user. Only returned when encryption is enabled. There might be some unencrypted blobs which were written after this time, as it is just a rough estimate.

Blob: The encryption function of the blob storage service.

File: The encryption function of the file storage service.

Queue: The encryption function of the queue storage service.

Table: The encryption function of the table storage service.

Blob: The encryption function of the blob storage service.

File: The encryption function of the file storage service.

Queue: The encryption function of the queue storage service.

Table: The encryption function of the table storage service.

"Microsoft.Keyvault"

"Microsoft.Storage"

"Microsoft.Keyvault"

"Microsoft.Storage"

Identity: The identity to be used with service-side encryption at rest.

KeySource: The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

Keyvaultproperties: Properties provided by key vault.

RequireInfrastructureEncryption: A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

Services: List of services which support encryption.

Blob: Gets the blob endpoint.

Dfs: Gets the dfs endpoint.

File: Gets the file endpoint.

InternetEndpoints: Gets the internet routing storage endpoints

MicrosoftEndpoints: Gets the microsoft routing storage endpoints.

Queue: Gets the queue endpoint.

Table: Gets the table endpoint.

Web: Gets the web endpoint.

Name: The name of the extended location.

Type: The type of the extended location.

"EdgeZone"

"EdgeZone"

Name: The name of the extended location.

Type: The type of the extended location.

CanFailover: A boolean flag which indicates whether or not account failover is supported for the account.

LastSyncTime: All primary writes preceding this UTC date/time value are guaranteed to be available for read operations. Primary writes following this point in time may or may not be available for reads. Element may be default value if value of LastSyncTime is not available, this can happen if secondary is offline or we are in bootstrap.

Status: The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

"Bootstrap"

"Live"

"Unavailable"

Action: The action of IP ACL rule.

Value: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.

"Allow"

"Allow"

Action: The action of IP ACL rule.

Value: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.

Type: The identity type.

UserAssignedIdentities: Gets or sets a list of key value pairs that describe the set of User Assigned identities that will be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is permitted here.

PrincipalId: The principal ID of resource identity.

TenantId: The tenant ID of resource.

Type: The identity type.

UserAssignedIdentities: Gets or sets a list of key value pairs that describe the set of User Assigned identities that will be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is permitted here.

"None"

"SystemAssigned"

"SystemAssigned,UserAssigned"

"UserAssigned"

"None"

"SystemAssigned"

"SystemAssigned,UserAssigned"

"UserAssigned"

AllowProtectedAppendWrites: This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API

Etag: ImmutabilityPolicy Etag.

ImmutabilityPeriodSinceCreationInDays: The immutability period for the blobs in the container since the policy creation, in days.

State: The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked.

UpdateHistory: The ImmutabilityPolicy update history of the blob container.

"Locked"

"Unlocked"

Enabled: This is an immutable property, when set to true it enables object level immutability at the container level.

"Completed"

"InProgress"

Enabled: This is an immutable property, when set to true it enables object level immutability at the container level.

MigrationState: This property denotes the container level immutability to object level immutability migration state.

TimeStamp: Returns the date and time the object level immutability was enabled.

KeyExpirationPeriodInDays: The key expiration period in days.

KeyExpirationPeriodInDays: The key expiration period in days.

Keyname: The name of KeyVault key.

Keyvaulturi: The Uri of KeyVault.

Keyversion: The version of KeyVault key.

CurrentVersionedKeyIdentifier: The object identifier of the current versioned Key Vault Key in use.

Keyname: The name of KeyVault key.

Keyvaulturi: The Uri of KeyVault.

Keyversion: The version of KeyVault key.

LastKeyRotationTimestamp: Timestamp of last rotation of the Key Vault Key.

BlobType: An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only

Enable: When set to true last access time based tracking is enabled.

Name: Name of the policy. The valid value is AccessTimeTracking. This field is currently read only

TrackingGranularityInDays: The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked.This field is currently read only with value as 1

"AccessTimeTracking"

"AccessTimeTracking"

BlobType: An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only

Enable: When set to true last access time based tracking is enabled.

Name: Name of the policy. The valid value is AccessTimeTracking. This field is currently read only

TrackingGranularityInDays: The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked.This field is currently read only with value as 1

HasLegalHold: The hasLegalHold public property is set to true by SRP if there are at least one existing tag. The hasLegalHold public property is set to false by SRP if all existing legal hold tags are cleared out. There can be a maximum of 1000 blob containers with hasLegalHold=true for a given account.

Tags: The list of LegalHold tags of a blob container.

BaseBlob: The management policy action for base blob

Snapshot: The management policy action for snapshot

Version: The management policy action for version

BaseBlob: The management policy action for base blob

Snapshot: The management policy action for snapshot

Version: The management policy action for version

Delete: The function to delete the blob

EnableAutoTierToHotFromCool: This property enables auto tiering of a blob from cool to hot on a blob access. This property requires tierToCool.daysAfterLastAccessTimeGreaterThan.

TierToArchive: The function to tier blobs to archive storage. Support blobs currently at Hot or Cool tier

TierToCool: The function to tier blobs to cool storage. Support blobs currently at Hot tier

Delete: The function to delete the blob

EnableAutoTierToHotFromCool: This property enables auto tiering of a blob from cool to hot on a blob access. This property requires tierToCool.daysAfterLastAccessTimeGreaterThan.

TierToArchive: The function to tier blobs to archive storage. Support blobs currently at Hot or Cool tier

TierToCool: The function to tier blobs to cool storage. Support blobs currently at Hot tier

Actions: An object that defines the action set.

Filters: An object that defines the filter set.

Actions: An object that defines the action set.

Filters: An object that defines the filter set.

BlobIndexMatch: An array of blob index tag based filters, there can be at most 10 tag filters

BlobTypes: An array of predefined enum values. Currently blockBlob supports all tiering and delete actions. Only delete actions are supported for appendBlob.

PrefixMatch: An array of strings for prefixes to be match.

BlobIndexMatch: An array of blob index tag based filters, there can be at most 10 tag filters

BlobTypes: An array of predefined enum values. Currently blockBlob supports all tiering and delete actions. Only delete actions are supported for appendBlob.

PrefixMatch: An array of strings for prefixes to be match.

Definition: An object that defines the Lifecycle rule.

Enabled: Rule is enabled if set to true.

Name: A rule name can contain any combination of alpha numeric characters. Rule name is case-sensitive. It must be unique within a policy.

Type: The valid value is Lifecycle

Definition: An object that defines the Lifecycle rule.

Enabled: Rule is enabled if set to true.

Name: A rule name can contain any combination of alpha numeric characters. Rule name is case-sensitive. It must be unique within a policy.

Type: The valid value is Lifecycle

"Lifecycle"

"Lifecycle"

Rules: The Storage Account ManagementPolicies Rules. See more details in: https://docs.microsoft.com/en-us/azure/storage/common/storage-lifecycle-managment-concepts.

Rules: The Storage Account ManagementPolicies Rules. See more details in: https://docs.microsoft.com/en-us/azure/storage/common/storage-lifecycle-managment-concepts.

Delete: The function to delete the blob snapshot

TierToArchive: The function to tier blob snapshot to archive storage. Support blob snapshot currently at Hot or Cool tier

TierToCool: The function to tier blob snapshot to cool storage. Support blob snapshot currently at Hot tier

Delete: The function to delete the blob snapshot

TierToArchive: The function to tier blob snapshot to archive storage. Support blob snapshot currently at Hot or Cool tier

TierToCool: The function to tier blob snapshot to cool storage. Support blob snapshot currently at Hot tier

Delete: The function to delete the blob version

TierToArchive: The function to tier blob version to archive storage. Support blob version currently at Hot or Cool tier

TierToCool: The function to tier blob version to cool storage. Support blob version currently at Hot tier

Delete: The function to delete the blob version

TierToArchive: The function to tier blob version to archive storage. Support blob version currently at Hot or Cool tier

TierToCool: The function to tier blob version to cool storage. Support blob version currently at Hot tier

Bypass: Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, “Logging, Metrics”), or None to bypass none of those traffics.

DefaultAction: Specifies the default action of allow or deny when no other rules match.

IpRules: Sets the IP ACL rules

ResourceAccessRules: Sets the resource access rules

VirtualNetworkRules: Sets the virtual network rules

"AzureServices"

"Logging"

"Metrics"

"None"

"Allow"

"Deny"

"Allow"

"Deny"

Bypass: Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, “Logging, Metrics”), or None to bypass none of those traffics.

DefaultAction: Specifies the default action of allow or deny when no other rules match.

IpRules: Sets the IP ACL rules

ResourceAccessRules: Sets the resource access rules

VirtualNetworkRules: Sets the virtual network rules

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

ResourceReference: Resource Id

TenantId: Tenant Id

ResourceId: Resource Id

TenantId: Tenant Id

Days: how long this blob can be restored. It should be great than zero and less than DeleteRetentionPolicy.days.

Enabled: Blob restore is enabled if set to true.

Days: how long this blob can be restored. It should be great than zero and less than DeleteRetentionPolicy.days.

Enabled: Blob restore is enabled if set to true.

LastEnabledTime: Deprecated in favor of minRestoreTime property.

MinRestoreTime: Returns the minimum date and time that the restore can be started.

PublishInternetEndpoints: A boolean flag which indicates whether internet routing storage endpoints are to be published

PublishMicrosoftEndpoints: A boolean flag which indicates whether microsoft routing storage endpoints are to be published

RoutingChoice: Routing Choice defines the kind of network routing opted by the user.

"InternetRouting"

"MicrosoftRouting"

"InternetRouting"

"MicrosoftRouting"

PublishInternetEndpoints: A boolean flag which indicates whether internet routing storage endpoints are to be published

PublishMicrosoftEndpoints: A boolean flag which indicates whether microsoft routing storage endpoints are to be published

RoutingChoice: Routing Choice defines the kind of network routing opted by the user.

ExpirationAction: The SAS expiration action. Can only be Log.

SasExpirationPeriod: The SAS expiration period, DD.HH:MM:SS.

"Log"

"Log"

ExpirationAction: The SAS expiration action. Can only be Log.

SasExpirationPeriod: The SAS expiration period, DD.HH:MM:SS.

Name: The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

Tier: The SKU tier. This is based on the SKU name.

"Premium_LRS"

"Premium_ZRS"

"Standard_GRS"

"Standard_GZRS"

"Standard_LRS"

"Standard_RAGRS"

"Standard_RAGZRS"

"Standard_ZRS"

"Premium_LRS"

"Premium_ZRS"

"Standard_GRS"

"Standard_GZRS"

"Standard_LRS"

"Standard_RAGRS"

"Standard_RAGZRS"

"Standard_ZRS"

Name: The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

Tier: The SKU tier. This is based on the SKU name.

Blob: Gets the blob endpoint.

Dfs: Gets the dfs endpoint.

File: Gets the file endpoint.

Web: Gets the web endpoint.

Blob: Gets the blob endpoint.

Dfs: Gets the dfs endpoint.

File: Gets the file endpoint.

Queue: Gets the queue endpoint.

Table: Gets the table endpoint.

Web: Gets the web endpoint.

BlobEndpoint: indicates where the BlobEndpoint config map should be placed. If omitted, no config map will be created.

DfsEndpoint: indicates where the DfsEndpoint config map should be placed. If omitted, no config map will be created.

FileEndpoint: indicates where the FileEndpoint config map should be placed. If omitted, no config map will be created.

QueueEndpoint: indicates where the QueueEndpoint config map should be placed. If omitted, no config map will be created.

TableEndpoint: indicates where the TableEndpoint config map should be placed. If omitted, no config map will be created.

WebEndpoint: indicates where the WebEndpoint config map should be placed. If omitted, no config map will be created.

BlobEndpoint: indicates where the BlobEndpoint secret should be placed. If omitted, the secret will not be retrieved from Azure.

DfsEndpoint: indicates where the DfsEndpoint secret should be placed. If omitted, the secret will not be retrieved from Azure.

FileEndpoint: indicates where the FileEndpoint secret should be placed. If omitted, the secret will not be retrieved from Azure.

Key1: indicates where the Key1 secret should be placed. If omitted, the secret will not be retrieved from Azure.

Key2: indicates where the Key2 secret should be placed. If omitted, the secret will not be retrieved from Azure.

QueueEndpoint: indicates where the QueueEndpoint secret should be placed. If omitted, the secret will not be retrieved from Azure.

TableEndpoint: indicates where the TableEndpoint secret should be placed. If omitted, the secret will not be retrieved from Azure.

WebEndpoint: indicates where the WebEndpoint secret should be placed. If omitted, the secret will not be retrieved from Azure.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

ConfigMaps: configures where to place operator written ConfigMaps.

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Secrets: configures where to place Azure generated secrets.

"Cool"

"Hot"

"Disabled"

"Enabled"

"TLS1_0"

"TLS1_1"

"TLS1_2"

"Cool"

"Hot"

"Disabled"

"Enabled"

"TLS1_0"

"TLS1_1"

"TLS1_2"

"Creating"

"ResolvingDNS"

"Succeeded"

"available"

"unavailable"

"available"

"unavailable"

"BlobStorage"

"BlockBlobStorage"

"FileStorage"

"Storage"

"StorageV2"

"BlobStorage"

"BlockBlobStorage"

"FileStorage"

"Storage"

"StorageV2"

AccessTier: Required for storage accounts where kind = BlobStorage. The access tier used for billing.

AllowBlobPublicAccess: Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is true for this property.

AllowCrossTenantReplication: Allow or disallow cross AAD tenant object replication. The default interpretation is true for this property.

AllowSharedKeyAccess: Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.

AzureFilesIdentityBasedAuthentication: Provides the identity based authentication settings for Azure Files.

BlobRestoreStatus: Blob restore status

Conditions: The observed state of the resource

CreationTime: Gets the creation date and time of the storage account in UTC.

CustomDomain: Gets the custom domain the user assigned to this storage account.

Encryption: Gets the encryption settings on the account. If unspecified, the account is unencrypted.

ExtendedLocation: The extendedLocation of the resource.

FailoverInProgress: If the failover is in progress, the value will be true, otherwise, it will be null.

GeoReplicationStats: Geo Replication Stats

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

Identity: The identity of the resource.

IsHnsEnabled: Account HierarchicalNamespace enabled if sets to true.

IsNfsV3Enabled: NFS 3.0 protocol support enabled if set to true.

KeyCreationTime: Storage account keys creation time.

KeyPolicy: KeyPolicy assigned to the storage account.

Kind: Gets the Kind.

LargeFileSharesState: Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.

LastGeoFailoverTime: Gets the timestamp of the most recent instance of a failover to the secondary location. Only the most recent timestamp is retained. This element is not returned if there has never been a failover instance. Only available if the accountType is Standard_GRS or Standard_RAGRS.

Location: The geo-location where the resource lives

MinimumTlsVersion: Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.

Name: The name of the resource

NetworkAcls: Network rule set

PrimaryEndpoints: Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that Standard_ZRS and Premium_LRS accounts only return the blob endpoint.

PrimaryLocation: Gets the location of the primary data center for the storage account.

PrivateEndpointConnections: List of private endpoint connection associated with the specified storage account

ProvisioningState: Gets the status of the storage account at the time the operation was called.

RoutingPreference: Maintains information about the network routing choice opted by the user for data transfer

SasPolicy: SasPolicy assigned to the storage account.

SecondaryEndpoints: Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the secondary location of the storage account. Only available if the SKU name is Standard_RAGRS.

SecondaryLocation: Gets the location of the geo-replicated secondary for the storage account. Only available if the accountType is Standard_GRS or Standard_RAGRS.

Sku: Gets the SKU.

StatusOfPrimary: Gets the status indicating whether the primary location of the storage account is available or unavailable.

StatusOfSecondary: Gets the status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS.

SupportsHttpsTrafficOnly: Allows https traffic only to storage service if sets to true.

Tags: Resource tags.

Type: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”

AccessTier: Required for storage accounts where kind = BlobStorage. The access tier used for billing.

AllowBlobPublicAccess: Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is true for this property.

AllowCrossTenantReplication: Allow or disallow cross AAD tenant object replication. The default interpretation is true for this property.

AllowSharedKeyAccess: Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.

AzureFilesIdentityBasedAuthentication: Provides the identity based authentication settings for Azure Files.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

CustomDomain: User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.

Encryption: Not applicable. Azure Storage encryption is enabled for all storage accounts and cannot be disabled.

ExtendedLocation: Optional. Set the extended location of the resource. If not set, the storage account will be created in Azure main region. Otherwise it will be created in the specified extended location

Identity: The identity of the resource.

IsHnsEnabled: Account HierarchicalNamespace enabled if sets to true.

IsNfsV3Enabled: NFS 3.0 protocol support enabled if set to true.

KeyPolicy: KeyPolicy assigned to the storage account.

Kind: Required. Indicates the type of storage account.

LargeFileSharesState: Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.

Location: Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed.

MinimumTlsVersion: Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.

NetworkAcls: Network rule set

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource

RoutingPreference: Maintains information about the network routing choice opted by the user for data transfer

SasPolicy: SasPolicy assigned to the storage account.

Sku: Required. Gets or sets the SKU name.

SupportsHttpsTrafficOnly: Allows https traffic only to storage service if sets to true. The default value is true since API version 2019-04-01.

Tags: Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

AutomaticSnapshotPolicyEnabled: Deprecated in favor of isVersioningEnabled property.

ChangeFeed: The blob service properties for change feed events.

Conditions: The observed state of the resource

ContainerDeleteRetentionPolicy: The blob service properties for container soft delete.

Cors: Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service.

DefaultServiceVersion: DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions.

DeleteRetentionPolicy: The blob service properties for blob soft delete.

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

IsVersioningEnabled: Versioning is enabled if set to true.

LastAccessTimeTrackingPolicy: The blob service property to configure last access time based tracking policy.

Name: The name of the resource

RestorePolicy: The blob service properties for blob restore policy.

Sku: Sku name and tier.

Type: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”

AutomaticSnapshotPolicyEnabled: Deprecated in favor of isVersioningEnabled property.

ChangeFeed: The blob service properties for change feed events.

ContainerDeleteRetentionPolicy: The blob service properties for container soft delete.

Cors: Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service.

DefaultServiceVersion: DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions.

DeleteRetentionPolicy: The blob service properties for blob soft delete.

IsVersioningEnabled: Versioning is enabled if set to true.

LastAccessTimeTrackingPolicy: The blob service property to configure last access time based tracking policy.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a storage.azure.com/StorageAccount resource

RestorePolicy: The blob service properties for blob restore policy.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

DefaultEncryptionScope: Default the container to use specified encryption scope for all writes.

Deleted: Indicates whether the blob container was deleted.

DeletedTime: Blob container deletion time.

DenyEncryptionScopeOverride: Block override of encryption scope from the container default.

Etag: Resource Etag.

HasImmutabilityPolicy: The hasImmutabilityPolicy public property is set to true by SRP if ImmutabilityPolicy has been created for this container. The hasImmutabilityPolicy public property is set to false by SRP if ImmutabilityPolicy has not been created for this container.

HasLegalHold: The hasLegalHold public property is set to true by SRP if there are at least one existing tag. The hasLegalHold public property is set to false by SRP if all existing legal hold tags are cleared out. There can be a maximum of 1000 blob containers with hasLegalHold=true for a given account.

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

ImmutabilityPolicy: The ImmutabilityPolicy property of the container.

ImmutableStorageWithVersioning: The object level immutability property of the container. The property is immutable and can only be set to true at the container creation time. Existing containers must undergo a migration process.

LastModifiedTime: Returns the date and time the container was last modified.

LeaseDuration: Specifies whether the lease on a container is of infinite or fixed duration, only when the container is leased.

LeaseState: Lease state of the container.

LeaseStatus: The lease status of the container.

LegalHold: The LegalHold property of the container.

Metadata: A name-value pair to associate with the container as metadata.

Name: The name of the resource

PublicAccess: Specifies whether data in the container may be accessed publicly and the level of access.

RemainingRetentionDays: Remaining retention days for soft deleted blob container.

Type: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”

Version: The version of the deleted blob container.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

DefaultEncryptionScope: Default the container to use specified encryption scope for all writes.

DenyEncryptionScopeOverride: Block override of encryption scope from the container default.

ImmutableStorageWithVersioning: The object level immutability property of the container. The property is immutable and can only be set to true at the container creation time. Existing containers must undergo a migration process.

Metadata: A name-value pair to associate with the container as metadata.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a storage.azure.com/StorageAccountsBlobService resource

PublicAccess: Specifies whether data in the container may be accessed publicly and the level of access.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

LastModifiedTime: Returns the date and time the ManagementPolicies was last modified.

Name: The name of the resource

Policy: The Storage Account ManagementPolicy, in JSON format. See more details in: https://docs.microsoft.com/en-us/azure/storage/common/storage-lifecycle-managment-concepts.

Type: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a storage.azure.com/StorageAccount resource

Policy: The Storage Account ManagementPolicy, in JSON format. See more details in: https://docs.microsoft.com/en-us/azure/storage/common/storage-lifecycle-managment-concepts.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Cors: Specifies CORS rules for the Queue service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Queue service.

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

Name: The name of the resource

Type: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”

Cors: Specifies CORS rules for the Queue service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Queue service.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a storage.azure.com/StorageAccount resource

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

ApproximateMessageCount: Integer indicating an approximate number of messages in the queue. This number is not lower than the actual number of messages in the queue, but could be higher.

Conditions: The observed state of the resource

Id: Fully qualified resource ID for the resource. Ex - /​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroupName}/​providers/​{resourceProviderNamespace}/​{resourceType}/​{resourceName}

Metadata: A name-value pair that represents queue metadata.

Name: The name of the resource

Type: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

Metadata: A name-value pair that represents queue metadata.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a storage.azure.com/StorageAccountsQueueService resource

Name: This is the filter tag name, it can have 1 - 128 characters

Op: This is the comparison operator which is used for object comparison and filtering. Only == (equality operator) is currently supported

Value: This is the filter tag value field used for tag based filtering, it can have 0 - 256 characters

Name: This is the filter tag name, it can have 1 - 128 characters

Op: This is the comparison operator which is used for object comparison and filtering. Only == (equality operator) is currently supported

Value: This is the filter tag value field used for tag based filtering, it can have 0 - 256 characters

ObjectIdentifier: Returns the Object ID of the user who added the tag.

Tag: The tag value.

TenantId: Returns the Tenant ID that issued the token for the user who added the tag.

Timestamp: Returns the date and time the tag was added.

Upn: Returns the User Principal Name of the user who added the tag.

"Premium"

"Standard"

"Premium"

"Standard"

ImmutabilityPeriodSinceCreationInDays: The immutability period for the blobs in the container since the policy creation, in days.

ObjectIdentifier: Returns the Object ID of the user who updated the ImmutabilityPolicy.

TenantId: Returns the Tenant ID that issued the token for the user who updated the ImmutabilityPolicy.

Timestamp: Returns the date and time the ImmutabilityPolicy was updated.

Update: The ImmutabilityPolicy update type of a blob container, possible values include: put, lock and extend.

Upn: Returns the User Principal Name of the user who updated the ImmutabilityPolicy.

"extend"

"lock"

"put"

ClientId: The client ID of the identity.

PrincipalId: The principal ID of the identity.

Action: The action of virtual network rule.

Reference: Resource ID of a subnet, for example: /​subscriptions/​{subscriptionId}/​resourceGroups/​{groupName}/​providers/​Microsoft.Network/​virtualNetworks/​{vnetName}/​subnets/​{subnetName}.

State: Gets the state of virtual network rule.

"Allow"

"Allow"

Action: The action of virtual network rule.

Id: Resource ID of a subnet, for example: /​subscriptions/​{subscriptionId}/​resourceGroups/​{groupName}/​providers/​Microsoft.Network/​virtualNetworks/​{vnetName}/​subnets/​{subnetName}.

State: Gets the state of virtual network rule.

"Deprovisioning"

"Failed"

"NetworkSourceDeleted"

"Provisioning"

"Succeeded"

"Deprovisioning"

"Failed"

"NetworkSourceDeleted"

"Provisioning"

"Succeeded"