az storage container immutability-policy
Manage container immutability policies.
Commands
| Name | Description | Type | Status | 
|---|---|---|---|
| az storage container immutability-policy create | Create or update an unlocked immutability policy. | Core | GA | 
| az storage container immutability-policy delete | Aborts an unlocked immutability policy. | Core | GA | 
| az storage container immutability-policy extend | Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy. | Core | GA | 
| az storage container immutability-policy lock | Sets the ImmutabilityPolicy to Locked state. | Core | GA | 
| az storage container immutability-policy show | Gets the existing immutability policy along with the corresponding ETag in response headers and body. | Core | GA | 
az storage container immutability-policy create
Create or update an unlocked immutability policy.
az storage container immutability-policy create --account-name
                                                --container-name
                                                [--allow-protected-append-writes {false, true}]
                                                [--allow-protected-append-writes-all --w-all {false, true}]
                                                [--if-match]
                                                [--period]
                                                [--resource-group]Required Parameters
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.
The container name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.
| Property | Value | 
|---|---|
| Accepted values: | false, true | 
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Block Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive.
| Property | Value | 
|---|---|
| Accepted values: | false, true | 
An ETag value, or the wildcard character (*). Specify this header to perform the operation only if the resource's ETag matches the value specified.
| Property | Value | 
|---|---|
| Parameter group: | Precondition Arguments | 
The immutability period for the blobs in the container since the policy creation, in days.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az storage container immutability-policy delete
Aborts an unlocked immutability policy.
The response of delete has immutabilityPeriodSinceCreationInDays set to 0. ETag in If-Match is required for this operation. Deleting a locked immutability policy is not allowed, the only way is to delete the container after deleting all expired blobs inside the policy locked container.
az storage container immutability-policy delete --account-name
                                                --container-name
                                                --if-match
                                                [--resource-group]Required Parameters
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.
The container name.
The entity state (ETag) version of the immutability policy to update must be returned to the server for all update operations. The ETag value must include the leading and trailing double quotes as returned by the service. Required.
| Property | Value | 
|---|---|
| Parameter group: | Precondition Arguments | 
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az storage container immutability-policy extend
Extend the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.
az storage container immutability-policy extend --account-name
                                                --container-name
                                                --if-match
                                                [--allow-protected-append-writes {false, true}]
                                                [--allow-protected-append-writes-all --w-all {false, true}]
                                                [--period]
                                                [--resource-group]Required Parameters
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT.
The container name.
An ETag value, or the wildcard character (*). Specify this header to perform the operation only if the resource's ETag matches the value specified.
| Property | Value | 
|---|---|
| Parameter group: | Precondition Arguments | 
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.
| Property | Value | 
|---|---|
| Accepted values: | false, true | 
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Block Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive.
| Property | Value | 
|---|---|
| Accepted values: | false, true | 
The immutability period for the blobs in the container since the policy creation, in days.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az storage container immutability-policy lock
Sets the ImmutabilityPolicy to Locked state.
The only action allowed on a Locked policy is ExtendImmutabilityPolicy action. ETag in If-Match is required for this operation.
az storage container immutability-policy lock --account-name
                                              --container-name
                                              --if-match
                                              [--resource-group]Required Parameters
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.
The container name.
The entity state (ETag) version of the immutability policy to update must be returned to the server for all update operations. The ETag value must include the leading and trailing double quotes as returned by the service. Required.
| Property | Value | 
|---|---|
| Parameter group: | Precondition Arguments | 
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az storage container immutability-policy show
Gets the existing immutability policy along with the corresponding ETag in response headers and body.
az storage container immutability-policy show --account-name
                                              --container-name
                                              [--if-match]
                                              [--resource-group]Required Parameters
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Required.
The container name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The entity state (ETag) version of the immutability policy to update must be returned to the server for all update operations. The ETag value must include the leading and trailing double quotes as returned by the service. Default value is None.
| Property | Value | 
|---|---|
| Parameter group: | Precondition Arguments | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False |