Share via


az storage container immutability-policy

Manage container immutability policies.

Commands

Name Description Type Status
az storage container immutability-policy create

Create or update an unlocked immutability policy.

Core GA
az storage container immutability-policy delete

Aborts an unlocked immutability policy.

Core GA
az storage container immutability-policy extend

Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.

Core GA
az storage container immutability-policy lock

Sets the ImmutabilityPolicy to Locked state.

Core GA
az storage container immutability-policy show

Gets the existing immutability policy along with the corresponding ETag in response headers and body.

Core GA

az storage container immutability-policy create

Create or update an unlocked immutability policy.

az storage container immutability-policy create --account-name
                                                --container-name
                                                [--allow-protected-append-writes {false, true}]
                                                [--allow-protected-append-writes-all {false, true}]
                                                [--if-match]
                                                [--period]
                                                [--resource-group]

Required Parameters

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.

--container-name -c

The container name.

Optional Parameters

--allow-protected-append-writes -w

This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.

Accepted values: false, true
--allow-protected-append-writes-all --w-all

This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Block Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive.

Accepted values: false, true
--if-match

An ETag value, or the wildcard character (*). Specify this header to perform the operation only if the resource's ETag matches the value specified.

--period

The immutability period for the blobs in the container since the policy creation, in days.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage container immutability-policy delete

Aborts an unlocked immutability policy.

The response of delete has immutabilityPeriodSinceCreationInDays set to 0. ETag in If-Match is required for this operation. Deleting a locked immutability policy is not allowed, the only way is to delete the container after deleting all expired blobs inside the policy locked container.

az storage container immutability-policy delete --account-name
                                                --container-name
                                                --if-match
                                                [--resource-group]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.

--container-name -c

The container name.

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied. Required.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage container immutability-policy extend

Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.

az storage container immutability-policy extend --account-name
                                                --container-name
                                                --if-match
                                                [--allow-protected-append-writes {false, true}]
                                                [--allow-protected-append-writes-all {false, true}]
                                                [--period]
                                                [--resource-group]

Required Parameters

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.

--container-name -c

The container name.

--if-match

An ETag value, or the wildcard character (*). Specify this header to perform the operation only if the resource's ETag matches the value specified.

Optional Parameters

--allow-protected-append-writes -w

This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.

Accepted values: false, true
--allow-protected-append-writes-all --w-all

This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Block Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive.

Accepted values: false, true
--period

The immutability period for the blobs in the container since the policy creation, in days.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage container immutability-policy lock

Sets the ImmutabilityPolicy to Locked state.

The only action allowed on a Locked policy is ExtendImmutabilityPolicy action. ETag in If-Match is required for this operation.

az storage container immutability-policy lock --account-name
                                              --container-name
                                              --if-match
                                              [--resource-group]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.

--container-name -c

The container name.

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied. Required.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage container immutability-policy show

Gets the existing immutability policy along with the corresponding ETag in response headers and body.

az storage container immutability-policy show --account-name
                                              --container-name
                                              [--if-match]
                                              [--resource-group]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.

--container-name -c

The container name.

Optional Parameters

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied. Default value is None.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.