Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

az storage account create ignores encryption parameters when configuring table/queue encryption key type #22704

Closed
baaym opened this issue Jun 2, 2022 · 3 comments · Fixed by #26853
Closed

az storage account create ignores encryption parameters when configuring table/queue encryption key type #22704

baaym opened this issue Jun 2, 2022 · 3 comments · Fixed by #26853
Assignees
@evelyn-ys @calvinhzy
Labels
Auto-Assign Auto assign by bot customer-reported Issues that are reported by GitHub users external to the Azure organization. Installation Storage az storage
Milestone
Backlog

Comments

@baaym
Copy link

baaym commented Jun 2, 2022

Related command

az storage account create \
  --name "test-storage-account" \
  -g "test-rg" \
  --location "westeurope" \
  --sku Standard_GRS \
  --encryption-key-source "Microsoft.Keyvault" \
  --encryption-key-vault "[INSERT_VAULT_URI_HERE]" \
  --encryption-key-name "my-key" \
  --encryption-services blob file queue table \
  --encryption-key-type-for-queue Account \
  --encryption-key-type-for-table Account

Describe the bug

When including the --encryption-key-type-for-queue or --encryption-key-type-for-table properties, other provided encryption parameters are ignored.

I could trace back the section of code that triggers this behavior here: https://github.com/Azure/azure-cli/blob/azure-cli-2.37.0/src/azure-cli/azure/cli/command_modules/storage/operations/account.py#L182-L186

To Reproduce

  • Configure a key vault and key for storage account encryption (as described on this documentation page)
    • Either system-managed or user-managed identities reproduces this issue
  • Create the storage account using above command
  • Observe that the command completes successfully, and has created a storage account does not have the CMK configured

Expected behavior

To have the storage account created with the CMK

Environment summary

Bash, Azure CLI 2.37.0, MacOS and Linux (Azure DevOps agent)

Additional context
@ghost ghost added customer-reported Issues that are reported by GitHub users external to the Azure organization. Storage az storage labels Jun 2, 2022
@ghost ghost added this to the Backlog milestone Jun 2, 2022
@ghost ghost assigned evelyn-ys Jun 2, 2022
@ghost ghost added Auto-Assign Auto assign by bot Installation labels Jun 2, 2022
@ghost ghost assigned jiasli Jun 2, 2022
@yonzhan
Copy link
Collaborator

yonzhan commented Jun 2, 2022

storage

@chrisking81
Copy link

We've just come across this exact issue, and doesn't look like it has been fixed yet.

@jiasli / @evelyn-ys - any update on this? could we get this prioritised to be worked on please?

@yonzhan yonzhan assigned calvinhzy and unassigned jiasli Jul 7, 2023
@calvinhzy calvinhzy mentioned this issue Jul 10, 2023
Merged
3 tasks
@calvinhzy
Copy link
Member

Hi @chrisking81 , @baaym , here is the private package to test https://zhiyihuangsa.blob.core.windows.net/sharing/cli-private-for-fixing-storage-account-create-with-encryption.zip Let me know if it fixes the issue.

Instructions to install: ## 1. Prepare and Use a separate virtual environment

Create a python virtual env named testenv with:

python -m venv testenv

Activate the env (if you are using powershell):

.\testenv\Scripts\Activate.ps1

Activate the env (if you are using bash):

source venv/bin/activate

2. Install CLI private package

Unzip the file and install three cli whl packages (azure_cli, azure_cli_core, azure_cli_telemetry):

pip install azure_cli-2.50.0.post20230710052857-py3-none-any.whl azure_cli_core-2.50.0.post20230710052857-py3-none-any.whl azure_cli_telemetry-1.0.8.post20230710052857-py3-none-any.whl

calvinhzy added a commit that referenced this issue Jul 21, 2023
@calvinhzy
[Storage] Fix #22704: az storage account create: `--encryption-key-…
00a31dc 
…type-for-queue` and `--encryption-key-type-for-table` no longer remove other settings (#26853)

* only create obj if not exist

* take into account of server fix for empty blob dict
avgale pushed a commit to avgale/azure-cli that referenced this issue Aug 24, 2023
@calvinhzy
[Storage] Fix Azure#22704: az storage account create: `--encryption…
4a04446 
…-key-type-for-queue` and `--encryption-key-type-for-table` no longer remove other settings (Azure#26853)

* only create obj if not exist

* take into account of server fix for empty blob dict
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@evelyn-ys evelyn-ys

@calvinhzy calvinhzy

Labels
Auto-Assign Auto assign by bot customer-reported Issues that are reported by GitHub users external to the Azure organization. Installation Storage az storage
Projects
None yet
Milestone
Backlog
6 participants
@baaym @jiasli @evelyn-ys @calvinhzy @chrisking81 @yonzhan