az storage container immutability-policy
Manage container immutability policies.
Commands
Name | Description | Type | Status |
---|---|---|---|
az storage container immutability-policy create |
Create or update an unlocked immutability policy. |
Core | GA |
az storage container immutability-policy delete |
Aborts an unlocked immutability policy. |
Core | GA |
az storage container immutability-policy extend |
Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy. |
Core | GA |
az storage container immutability-policy lock |
Sets the ImmutabilityPolicy to Locked state. |
Core | GA |
az storage container immutability-policy show |
Gets the existing immutability policy along with the corresponding ETag in response headers and body. |
Core | GA |
az storage container immutability-policy create
Create or update an unlocked immutability policy.
az storage container immutability-policy create --account-name
--container-name
[--allow-protected-append-writes {false, true}]
[--allow-protected-append-writes-all {false, true}]
[--if-match]
[--period]
[--resource-group]
Required Parameters
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.
The container name.
Optional Parameters
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Block Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive.
An ETag value, or the wildcard character (*). Specify this header to perform the operation only if the resource's ETag matches the value specified.
The immutability period for the blobs in the container since the policy creation, in days.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az storage container immutability-policy delete
Aborts an unlocked immutability policy.
The response of delete has immutabilityPeriodSinceCreationInDays set to 0. ETag in If-Match is required for this operation. Deleting a locked immutability policy is not allowed, the only way is to delete the container after deleting all expired blobs inside the policy locked container.
az storage container immutability-policy delete --account-name
--container-name
--if-match
[--resource-group]
Required Parameters
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.
The container name.
The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied. Required.
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az storage container immutability-policy extend
Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.
az storage container immutability-policy extend --account-name
--container-name
--if-match
[--allow-protected-append-writes {false, true}]
[--allow-protected-append-writes-all {false, true}]
[--period]
[--resource-group]
Required Parameters
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.
The container name.
An ETag value, or the wildcard character (*). Specify this header to perform the operation only if the resource's ETag matches the value specified.
Optional Parameters
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Block Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive.
The immutability period for the blobs in the container since the policy creation, in days.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az storage container immutability-policy lock
Sets the ImmutabilityPolicy to Locked state.
The only action allowed on a Locked policy is ExtendImmutabilityPolicy action. ETag in If-Match is required for this operation.
az storage container immutability-policy lock --account-name
--container-name
--if-match
[--resource-group]
Required Parameters
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.
The container name.
The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied. Required.
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az storage container immutability-policy show
Gets the existing immutability policy along with the corresponding ETag in response headers and body.
az storage container immutability-policy show --account-name
--container-name
[--if-match]
[--resource-group]
Required Parameters
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.
The container name.
Optional Parameters
The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied. Default value is None.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.