tessl/pypi-azure-mgmt-storage
Microsoft Azure Storage Management Client Library for Python
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
security-access.mddocs/
Security and Access Management
Management of private endpoints, local users for SFTP access, encryption scopes, and network security configurations. These features provide comprehensive security controls for Azure Storage accounts.
Capabilities
Private Endpoint Management
Configure private endpoints for secure, private connectivity to storage accounts over Azure's backbone network.
class PrivateEndpointConnectionsOperations:
def put(
self,
resource_group_name: str,
account_name: str,
private_endpoint_connection_name: str,
properties: PrivateEndpointConnection
) -> PrivateEndpointConnection:
"""
Updates the state of specified private endpoint connection.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- private_endpoint_connection_name: Name of the private endpoint connection
- properties: Private endpoint connection properties
Returns:
Updated PrivateEndpointConnection
"""
def get(
self,
resource_group_name: str,
account_name: str,
private_endpoint_connection_name: str
) -> PrivateEndpointConnection:
"""
Gets the specified private endpoint connection.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- private_endpoint_connection_name: Name of the private endpoint connection
Returns:
PrivateEndpointConnection details
"""
def delete(
self,
resource_group_name: str,
account_name: str,
private_endpoint_connection_name: str
) -> None:
"""
Deletes the specified private endpoint connection.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- private_endpoint_connection_name: Name of the private endpoint connection
"""
def list(
self,
resource_group_name: str,
account_name: str
) -> ItemPaged[PrivateEndpointConnection]:
"""
Lists all private endpoint connections for a storage account.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
Returns:
Paginated list of PrivateEndpointConnection objects
"""Usage example:
from azure.mgmt.storage.models import (
PrivateEndpointConnection, PrivateLinkServiceConnectionState,
PrivateEndpointServiceConnectionStatus
)
# Approve a private endpoint connection
connection_state = PrivateLinkServiceConnectionState(
status=PrivateEndpointServiceConnectionStatus.APPROVED,
description="Approved for secure access"
)
private_endpoint_conn = PrivateEndpointConnection(
private_link_service_connection_state=connection_state
)
approved_connection = client.private_endpoint_connections.put(
resource_group_name="my-resource-group",
account_name="mystorageaccount123",
private_endpoint_connection_name="my-private-endpoint",
properties=private_endpoint_conn
)
# List all private endpoint connections
connections = list(client.private_endpoint_connections.list(
resource_group_name="my-resource-group",
account_name="mystorageaccount123"
))
for conn in connections:
print(f"Connection: {conn.name}, Status: {conn.private_link_service_connection_state.status}")Private Link Resources
Discover available private link resources and their configuration details.
class PrivateLinkResourcesOperations:
def list_by_storage_account(
self,
resource_group_name: str,
account_name: str
) -> PrivateLinkResourceListResult:
"""
Gets the private link resources that need to be created for a storage account.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
Returns:
PrivateLinkResourceListResult containing available resources
"""Local User Management (SFTP)
Manage local user accounts for SFTP access to Azure Blob storage.
class LocalUsersOperations:
def create_or_update(
self,
resource_group_name: str,
account_name: str,
username: str,
properties: LocalUser
) -> LocalUser:
"""
Creates or updates a local user account for SFTP access.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- username: Username for the local user account
- properties: Local user properties and configuration
Returns:
Created or updated LocalUser
"""
def get(
self,
resource_group_name: str,
account_name: str,
username: str
) -> LocalUser:
"""
Gets the specified local user.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- username: Username of the local user
Returns:
LocalUser details
"""
def delete(
self,
resource_group_name: str,
account_name: str,
username: str
) -> None:
"""
Deletes the specified local user.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- username: Username of the local user to delete
"""
def list(
self,
resource_group_name: str,
account_name: str,
include: Optional[ListLocalUserIncludeParam] = None
) -> ItemPaged[LocalUser]:
"""
Lists local users for a storage account.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- include: Optional list of local user properties to include
Returns:
Paginated list of LocalUser objects
"""
def list_keys(
self,
resource_group_name: str,
account_name: str,
username: str
) -> LocalUserKeys:
"""
Lists the SSH public keys for the specified local user.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- username: Username of the local user
Returns:
LocalUserKeys containing SSH public keys
"""
def regenerate_password(
self,
resource_group_name: str,
account_name: str,
username: str
) -> LocalUserRegeneratePasswordResult:
"""
Regenerates the password for the specified local user.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- username: Username of the local user
Returns:
LocalUserRegeneratePasswordResult with new password
"""Usage example:
from azure.mgmt.storage.models import (
LocalUser, SshPublicKey, PermissionScope
)
# Create SSH public key for authentication
ssh_key = SshPublicKey(
description="Development key",
key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB... user@machine"
)
# Define access permissions for containers
permission_scope = PermissionScope(
permissions="rwd", # read, write, delete
service="blob",
resource_name="data-container"
)
# Create local user for SFTP access
local_user = LocalUser(
properties=LocalUserProperties(
permission_scopes=[permission_scope],
ssh_authorized_keys=[ssh_key],
has_shared_key=False, # Use SSH keys only
has_ssh_key=True,
has_ssh_password=False
)
)
created_user = client.local_users.create_or_update(
resource_group_name="my-resource-group",
account_name="mystorageaccount123",
username="sftp-user-01",
properties=local_user
)
# List all local users
users = list(client.local_users.list(
resource_group_name="my-resource-group",
account_name="mystorageaccount123"
))
for user in users:
print(f"User: {user.name}, Has SSH Key: {user.properties.has_ssh_key}")
# Get SSH keys for a user
keys = client.local_users.list_keys(
resource_group_name="my-resource-group",
account_name="mystorageaccount123",
username="sftp-user-01"
)Encryption Scope Management
Manage customer-managed encryption scopes for granular encryption control.
class EncryptionScopesOperations:
def put(
self,
resource_group_name: str,
account_name: str,
encryption_scope_name: str,
encryption_scope: EncryptionScope
) -> EncryptionScope:
"""
Creates or updates an encryption scope.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- encryption_scope_name: Name of the encryption scope
- encryption_scope: Encryption scope properties
Returns:
Created or updated EncryptionScope
"""
def patch(
self,
resource_group_name: str,
account_name: str,
encryption_scope_name: str,
encryption_scope: EncryptionScope
) -> EncryptionScope:
"""
Updates properties of an existing encryption scope.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- encryption_scope_name: Name of the encryption scope
- encryption_scope: Updated encryption scope properties
Returns:
Updated EncryptionScope
"""
def get(
self,
resource_group_name: str,
account_name: str,
encryption_scope_name: str
) -> EncryptionScope:
"""
Gets the specified encryption scope.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- encryption_scope_name: Name of the encryption scope
Returns:
EncryptionScope details
"""
def list(
self,
resource_group_name: str,
account_name: str,
maxpagesize: Optional[int] = None,
filter: Optional[str] = None,
include: Optional[ListEncryptionScopesInclude] = None
) -> ItemPaged[EncryptionScope]:
"""
Lists all encryption scopes for a storage account.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- maxpagesize: Maximum number of results per page
- filter: OData filter expression
- include: Include additional properties
Returns:
Paginated list of EncryptionScope objects
"""Usage example:
from azure.mgmt.storage.models import (
EncryptionScope, EncryptionScopeSource, EncryptionScopeState,
EncryptionScopeKeyVaultProperties
)
# Create encryption scope using Microsoft-managed keys
ms_managed_scope = EncryptionScope(
properties=EncryptionScopeProperties(
source=EncryptionScopeSource.MICROSOFT_STORAGE,
state=EncryptionScopeState.ENABLED,
require_infrastructure_encryption=True
)
)
created_scope = client.encryption_scopes.put(
resource_group_name="my-resource-group",
account_name="mystorageaccount123",
encryption_scope_name="ms-managed-scope",
encryption_scope=ms_managed_scope
)
# Create encryption scope using customer-managed keys from Key Vault
kv_properties = EncryptionScopeKeyVaultProperties(
key_uri="https://myvault.vault.azure.net/keys/mykey/version",
current_versioned_key_identifier="https://myvault.vault.azure.net/keys/mykey/abc123"
)
customer_managed_scope = EncryptionScope(
properties=EncryptionScopeProperties(
source=EncryptionScopeSource.MICROSOFT_KEY_VAULT,
state=EncryptionScopeState.ENABLED,
key_vault_properties=kv_properties
)
)
client.encryption_scopes.put(
resource_group_name="my-resource-group",
account_name="mystorageaccount123",
encryption_scope_name="customer-managed-scope",
encryption_scope=customer_managed_scope
)
# List all encryption scopes
scopes = list(client.encryption_scopes.list(
resource_group_name="my-resource-group",
account_name="mystorageaccount123"
))
for scope in scopes:
print(f"Scope: {scope.name}, Source: {scope.properties.source}, State: {scope.properties.state}")Network Security Perimeter Configurations
Manage network security perimeter configurations for advanced network isolation.
class NetworkSecurityPerimeterConfigurationsOperations:
def get(
self,
resource_group_name: str,
account_name: str,
network_security_perimeter_configuration_name: str
) -> NetworkSecurityPerimeterConfiguration:
"""
Gets effective NetworkSecurityPerimeterConfiguration for association.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- network_security_perimeter_configuration_name: Name of the configuration
Returns:
NetworkSecurityPerimeterConfiguration details
"""
def list(
self,
resource_group_name: str,
account_name: str
) -> ItemPaged[NetworkSecurityPerimeterConfiguration]:
"""
Lists NetworkSecurityPerimeterConfigurations for a storage account.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
Returns:
Paginated list of network security perimeter configurations
"""
def begin_reconcile(
self,
resource_group_name: str,
account_name: str,
network_security_perimeter_configuration_name: str
) -> LROPoller[None]:
"""
Refreshes any information about the association.
Parameters:
- resource_group_name: Name of the resource group
- account_name: Name of the storage account
- network_security_perimeter_configuration_name: Name of the configuration
"""Types
class PrivateEndpointConnection:
"""Private endpoint connection resource."""
id: str
name: str
type_: str
properties: PrivateEndpointConnectionProperties
class PrivateEndpointConnectionProperties:
"""Properties of private endpoint connection."""
private_endpoint: PrivateEndpoint
private_link_service_connection_state: PrivateLinkServiceConnectionState
provisioning_state: PrivateEndpointConnectionProvisioningState
class PrivateLinkServiceConnectionState:
"""Connection state of private endpoint."""
status: PrivateEndpointServiceConnectionStatus
description: str
action_required: str
class LocalUser:
"""Local user account for SFTP access."""
id: str
name: str
type_: str
system_data: SystemData
properties: LocalUserProperties
class LocalUserProperties:
"""Properties of a local user."""
permission_scopes: List[PermissionScope]
home_directory: str
ssh_authorized_keys: List[SshPublicKey]
has_shared_key: bool
has_ssh_key: bool
has_ssh_password: bool
class PermissionScope:
"""Permission scope for local user."""
permissions: str # Combination of 'r', 'w', 'd', 'l', 'c'
service: str # "blob"
resource_name: str # Container name
class SshPublicKey:
"""SSH public key for authentication."""
description: str
key: str
class EncryptionScope:
"""Encryption scope resource."""
id: str
name: str
type_: str
properties: EncryptionScopeProperties
class EncryptionScopeProperties:
"""Properties of an encryption scope."""
source: EncryptionScopeSource
state: EncryptionScopeState
creation_time: datetime
last_modified_time: datetime
key_vault_properties: EncryptionScopeKeyVaultProperties
require_infrastructure_encryption: bool
class EncryptionScopeSource(str, Enum):
"""Source of encryption keys."""
MICROSOFT_STORAGE = "Microsoft.Storage"
MICROSOFT_KEY_VAULT = "Microsoft.KeyVault"
class EncryptionScopeState(str, Enum):
"""State of encryption scope."""
ENABLED = "Enabled"
DISABLED = "Disabled"
class PrivateEndpointServiceConnectionStatus(str, Enum):
"""Status of private endpoint connection."""
PENDING = "Pending"
APPROVED = "Approved"
REJECTED = "Rejected"Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-storage