Exemplo n.º 1
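def validate_encryption(namespace):
    """Replace ``namespace.encryption`` with an SDK ``Encryption`` model.

    ``namespace.encryption`` is expected to be an iterable of storage service
    names. Each listed name becomes an ``EncryptionService`` with encryption
    enabled, and the resulting ``Encryption`` object is written back to
    ``namespace.encryption``. A falsy value (``None``, empty list) is left
    untouched and the SDK is not imported.

    :param namespace: Parsed-argument object carrying an ``encryption`` attribute.
    :returns: None; ``namespace`` is modified in place.
    """
    if not namespace.encryption:
        return

    # Imported lazily so the SDK is only loaded when encryption was requested.
    from azure.mgmt.storage.models import Encryption, EncryptionServices, EncryptionService

    # Model arguments are passed by keyword so the call does not depend on the
    # positional parameter order of the SDK model constructors.
    enabled_services = {
        service: EncryptionService(enabled=True) for service in namespace.encryption
    }

    # NOTE(review): the service names are forwarded unchanged as keyword
    # arguments. Whether an unrecognised name is rejected or ignored depends on
    # the SDK model; confirm the caller restricts the allowed choices so a typo
    # cannot leave a service without the encryption setting.
    namespace.encryption = Encryption(services=EncryptionServices(**enabled_services))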
 def update_storage_account_encryption(self, storage_client,
                                       resource_group_name, stg_name,
                                       key_name, vault_uri):
     """Point a Storage Account's encryption at a customer-managed Key Vault key.

     Logs the request parameters, then issues a single
     ``storage_accounts.update`` call whose encryption settings use
     ``KeySource.MICROSOFT_KEYVAULT`` with the given key name and vault URI.
     The value returned by the update call is discarded.

     :param storage_client: Instance of the Azure StorageManagementClient.
     :param resource_group_name: The name of the resource group.
     :param stg_name: The Storage Account name.
     :param key_name: Name of the Key to encrypt the Storage Account with.
     :param vault_uri: Key Vault uri in which the Key exists.
     :type storage_client: object
     :type resource_group_name: str
     :type stg_name: str
     :type key_name: str
     :type vault_uri: str
     :returns: None
     :rtype: None
     """
     # Only identifiers (names and the vault URI) are logged; no key material
     # passes through this function.
     progress_lines = (
         "    Encrypting Storage Account with Customer Managed Key",
         "    executing storage_client.storage_accounts.update",
         f"      resource_group_name={resource_group_name}",
         f"      account_name={stg_name}",
         f"      key_vault_uri={vault_uri}",
         f"      key_name={key_name}",
     )
     for line in progress_lines:
         logging.info(line)

     # NOTE(review): no key version is supplied here; confirm that the
     # resulting key-rotation behaviour is the intended one.
     vault_key = KeyVaultProperties(
         key_name=key_name,
         key_vault_uri=vault_uri,
     )
     cmk_encryption = Encryption(
         key_source=KeySource.MICROSOFT_KEYVAULT,
         key_vault_properties=vault_key,
     )
     update_params = StorageAccountUpdateParameters(encryption=cmk_encryption)

     # Errors from the service call are not caught here and propagate to the
     # caller.
     storage_client.storage_accounts.update(
         resource_group_name=resource_group_name,
         account_name=stg_name,
         parameters=update_params,
     )
Exemplo n.º 3
    def create_storage(self):
        """Create the VDC storage account, provisioning its resource group if absent.

        The account is requested as ``Standard_LRS`` ``BlobStorage`` in the
        ``Cool`` access tier, with blob encryption enabled and HTTPS-only
        traffic. The method blocks until the create operation finishes.

        :raises: :class:`Exception` -- nothing is raised explicitly here;
            errors from the resource-group and storage services propagate.
        """
        rg_service = self._resource_management_integration_service
        resource_group = self._vdc_storage_account_resource_group

        group_exists = rg_service.resource_group_exists(resource_group)
        if not group_exists:
            self._logger.info(
                'No resource group: {} found, provisioning one.'.format(
                    resource_group))
            rg_service.create_or_update_resource_group(
                resource_group, self._location)

        # Message text kept as-is; no authentication call is made in this method.
        self._logger.info('Attempting authentication.')

        # NOTE(review): only the blob service is listed for encryption and no
        # key source is given, so the SDK/service default applies; confirm this
        # matches the required encryption policy.
        blob_encryption = Encryption(
            services=EncryptionServices(blob=EncryptionService(enabled=True)))

        # HTTPS-only is requested explicitly. Other account hardening settings
        # are not set in this call; confirm they are enforced elsewhere.
        parameters = StorageAccountCreateParameters(
            sku=Sku(name='Standard_LRS'),
            kind='BlobStorage',
            location=self._location,
            encryption=blob_encryption,
            access_tier='Cool',
            enable_https_traffic_only=True)

        account_name = self._vdc_storage_account_name
        self._logger.info(
            'creating storage account using rg: {} and account name: {}'.
            format(resource_group, account_name))

        create_poller = self._storage_management_client.storage_accounts.create(
            resource_group, account_name, parameters)

        # Block until the long-running create operation has finished.
        create_poller.wait()

        self._logger.info('vdc storage created')