Describe the bug
After I use az storage container policy create to create a access policy, the container's access level will become private from blob or container.
But when I create access policy in the portal, the access level will not be effected.
Is there any way like arguments to avoid the change of access level when I create access policy by az cli?
I try it in centos7 with azure-cli version 2.38.1 and ubuntu with azure-cli version 2.56.0 are the same situation.
before az storage container policy create
after
Related command
az storage container policy create --account-name huantest --container-name test --name testpolicy
Errors
no errors
Issue script & Debug output
root@huanubuntu:~# az storage container policy create --account-name huantest --container-name test --name testpolicy --debug
cli.knack.cli: Command arguments: ['storage', 'container', 'policy', 'create', '--account-name', 'huantest', '--container-name', 'test', '--name', 'testpolicy', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7ffb094353a0>, <function OutputProducer.on_global_arguments at 0x7ffb093d5da0>, <function CLIQuery.on_global_arguments at 0x7ffb0940f880>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'storage': ['azure.cli.command_modules.storage']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: storage 0.161 59 273
cli.azure.cli.core: Total (1) 0.161 59 273
cli.azure.cli.core: Loaded 59 groups, 273 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : storage container policy create
cli.azure.cli.core: Command table: storage container policy create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7ffb086d0f40>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/root/.azure/commands/2024-01-16.10-16-15.storage_container_policy_create.2609.log'.
az_command_data_logger: command args: storage container policy create --account-name {} --container-name {} --name {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7ffb0848b420>]
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 659, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2023_01_01.models' has no attribute 'ActiveDirectoryPropertiesAccountType'
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 659, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2023_01_01.models' has no attribute 'ListKeyExpand'
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 659, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2023_01_01.models' has no attribute 'CorsRuleAllowedMethodsItem'
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7ffb084e9120>, <function register_cache_arguments..add_cache_arguments at 0x7ffb084e9260>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7ffb093d5e40>, <function CLIQuery.handle_query_parameter at 0x7ffb0940f920>, <function register_ids_argument..parse_ids_arguments at 0x7ffb084e91c0>]
cli.azure.cli.command_modules.storage._validators: Try to get storage auth_mode value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators: Try to get storage connection_string value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators: Try to get storage key value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators: Try to get storage sas_token value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators:
There are no credentials provided in your command and environment, we will query for account key for your storage account.
It is recommended to provide --connection-string, --account-key or --sas-token in your command as credentials.
You also can add --auth-mode login in your command to use Azure Active Directory (Azure AD) for authorization if your login account is assigned required RBAC roles.
For more information about RBAC roles in storage, visit https://docs.microsoft.com/azure/storage/common/storage-auth-aad-rbac-cli.
In addition, setting the corresponding environment variables can avoid inputting credentials in your command. Please use --help to get more information about environment variable usage.
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=StorageManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='/root/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /root/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.partner.microsoftonline.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://microsoftgraph.chinacloudapi.cn/oidc/userinfo', 'authorization_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/kerberos', 'tenant_region_scope': 'AS', 'cloud_instance_name': 'partner.microsoftonline.cn', 'cloud_graph_host_name': 'graph.chinacloudapi.cn', 'msgraph_host': 'microsoftgraph.chinacloudapi.cn', 'rbac_url': 'https://pas.chinacloudapi.cn'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.chinacloudapi.cn//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.chinacloudapi.cn//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 1db71994-4d8f-4a32-8556-ecc5aaf81d05
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.chinacloudapi.cn/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/providers/Microsoft.Storage/storageAccounts?api-version=2023-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '47bc590b-b458-11ee-98d2-c36ede39f0ed'
cli.azure.cli.core.sdk.policies: 'CommandName': 'storage container policy create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--account-name --container-name --name --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.56.0 (DEB) azsdk-python-azure-mgmt-storage/21.1.0 Python/3.11.5 (Linux-5.15.0-1053-azure-x86_64-with-glibc2.31)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.chinacloudapi.cn:443
urllib3.connectionpool: https://management.chinacloudapi.cn:443 "GET /subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/providers/Microsoft.Storage/storageAccounts?api-version=2023-01-01 HTTP/1.1" 200 1325
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'x-ms-original-request-ids': 'c12a796b-ac74-406e-86fd-9a40bbea69cf, 9a858df2-4350-458a-a0e1-8ed55f162d7d'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '14999'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '8bb6ac0c-c914-44b8-9d70-fce2faf2374d'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8bb6ac0c-c914-44b8-9d70-fce2faf2374d'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'CHINANORTH3:20240116T101615Z:8bb6ac0c-c914-44b8-9d70-fce2faf2374d'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 16 Jan 2024 10:16:15 GMT'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1325'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"sku":{"name":"Standard_RAGRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huanafs","name":"huanafs","type":"Microsoft.Storage/storageAccounts","location":"chinaeast2","tags":{},"properties":{"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2023-12-21T03:14:44.8361142Z","key2":"2023-12-21T03:14:44.8361142Z"},"allowCrossTenantReplication":false,"privateEndpointConnections":[],"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":false,"allowSharedKeyAccess":true,"networkAcls":{"ipv6Rules":[],"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"requireInfrastructureEncryption":false,"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:14:44.8361142Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:14:44.8361142Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2023-12-21T03:14:44.7735891Z","primaryEndpoints":{"dfs":"https://huanafs.dfs.core.chinacloudapi.cn/","web":"https://huanafs.z4.web.core.chinacloudapi.cn/","blob":"https://huanafs.blob.core.chinacloudapi.cn/","queue":"https://huanafs.queue.core.chinacloudapi.cn/","table":"https://huanafs.table.core.chinacloudapi.cn/","file":"https://huanafs.file.core.chinacloudapi.cn/"},"primaryLocation":"chinaeast2","statusOfPrimary":"available","secondaryLocation":"chinanorth2","statusOfSecondary":"available","secondaryEndpoints":{"dfs":"https://huanafs-secondary.dfs.core.chinacloudapi.cn/","web":"https://huanafs-secondary.z4.web.core.chinacloudapi.cn/","blob":"https://huanafs-secondary.blob.core.chinacloudapi.cn/","queue":"https://huanafs-secondary.queue.core.chinacloudapi.cn/","table":"https://huanafs-secondary.table.core.chinacloudapi.cn/"}}},{"sku":{"name":"Standard_LRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huanstorage","name":"huanstorage","type":"Microsoft.Storage/storageAccounts","location":"chinanorth3","tags":{},"properties":{"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2023-12-21T03:05:46.3048505Z","key2":"2023-12-21T03:05:46.3048505Z"},"allowCrossTenantReplication":false,"privateEndpointConnections":[],"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":false,"allowSharedKeyAccess":true,"networkAcls":{"ipv6Rules":[],"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"requireInfrastructureEncryption":false,"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:05:46.3048505Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:05:46.3048505Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2023-12-21T03:05:46.2579753Z","primaryEndpoints":{"dfs":"https://huanstorage.dfs.core.chinacloudapi.cn/","web":"https://huanstorage.z5.web.core.chinacloudapi.cn/","blob":"https://huanstorage.blob.core.chinacloudapi.cn/","queue":"https://huanstorage.queue.core.chinacloudapi.cn/","table":"https://huanstorage.table.core.chinacloudapi.cn/","file":"https://huanstorage.file.core.chinacloudapi.cn/"},"primaryLocation":"chinaeast3","statusOfPrimary":"available","lastGeoFailoverTime":"2024-01-08T09:40:39.1779061Z"}},{"sku":{"name":"Standard_RAGRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huantest","name":"huantest","type":"Microsoft.Storage/storageAccounts","location":"chinanorth3","tags":{},"properties":{"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2024-01-15T06:43:11.9200106Z","key2":"2024-01-15T06:43:11.9200106Z"},"allowCrossTenantReplication":false,"privateEndpointConnections":[],"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":true,"allowSharedKeyAccess":true,"networkAcls":{"ipv6Rules":[],"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"requireInfrastructureEncryption":false,"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2024-01-15T06:43:11.9200106Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2024-01-15T06:43:11.9200106Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2024-01-15T06:43:11.8574909Z","primaryEndpoints":{"dfs":"https://huantest.dfs.core.chinacloudapi.cn/","web":"https://huantest.z5.web.core.chinacloudapi.cn/","blob":"https://huantest.blob.core.chinacloudapi.cn/","queue":"https://huantest.queue.core.chinacloudapi.cn/","table":"https://huantest.table.core.chinacloudapi.cn/","file":"https://huantest.file.core.chinacloudapi.cn/"},"primaryLocation":"chinanorth3","statusOfPrimary":"available","secondaryLocation":"chinaeast3","statusOfSecondary":"available","secondaryEndpoints":{"dfs":"https://huantest-secondary.dfs.core.chinacloudapi.cn/","web":"https://huantest-secondary.z5.web.core.chinacloudapi.cn/","blob":"https://huantest-secondary.blob.core.chinacloudapi.cn/","queue":"https://huantest-secondary.queue.core.chinacloudapi.cn/","table":"https://huantest-secondary.table.core.chinacloudapi.cn/"}}}]}
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 655, in _get_attr
op = import_module(full_mod_path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1204, in _gcd_import
File "", line 1176, in _find_and_load
File "", line 1140, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'azure.mgmt.storage.v2023_01_01.models.storage_account_keys'
cli.azure.cli.command_modules.storage._validators: Disable HTTP logging to avoid having storage keys in debug logs
urllib3.connectionpool: https://management.chinacloudapi.cn:443 "POST /subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huantest/listKeys?api-version=2023-01-01&$expand=kerb HTTP/1.1" 200 None
urllib3.connectionpool: Starting new HTTPS connection (1): huantest.blob.core.chinacloudapi.cn:443
urllib3.connectionpool: https://huantest.blob.core.chinacloudapi.cn:443 "GET /test?restype=container&comp=acl HTTP/1.1" 200 None
urllib3.connectionpool: https://huantest.blob.core.chinacloudapi.cn:443 "PUT /test?restype=container&comp=acl HTTP/1.1" 200 0
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x7ffb084c6340>, <function _x509_from_base64_to_hex_transform at 0x7ffb084c63e0>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
{
"client_request_id": "47bc590d-b458-11ee-98d2-c36ede39f0ed",
"date": "2024-01-16T10:16:15+00:00",
"etag": ""0x8DC167C2C6CEF01"",
"lastModified": "2024-01-16T10:16:15+00:00",
"request_id": "fc394349-001e-0062-6c65-483a75000000",
"version": "2022-11-02"
}
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7ffb086d11c0>]
az_command_data_logger: exit code: 0
cli.main: Command ran in 0.925 seconds (init: 0.183, invoke: 0.742)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3480 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/az/bin/python3 /opt/az/lib/python3.11/site-packages/azure/cli/telemetry/init.py /root/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
az storage container policy create will not effect container's access level.
Environment Summary
azure-cli 2.56.0
core 2.56.0
telemetry 1.1.0
Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2
Python location '/opt/az/bin/python3'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.11.5 (main, Jan 8 2024, 09:08:51) [GCC 9.4.0]
Additional context
No response
Describe the bug
After I use
az storage container policy createto create a access policy, the container's access level will become private from blob or container.But when I create access policy in the portal, the access level will not be effected.
Is there any way like arguments to avoid the change of access level when I create access policy by az cli?
I try it in centos7 with azure-cli version 2.38.1 and ubuntu with azure-cli version 2.56.0 are the same situation.
before
az storage container policy createafter
Related command
az storage container policy create --account-name huantest --container-name test --name testpolicyErrors
no errors
Issue script & Debug output
root@huanubuntu:~# az storage container policy create --account-name huantest --container-name test --name testpolicy --debug
cli.knack.cli: Command arguments: ['storage', 'container', 'policy', 'create', '--account-name', 'huantest', '--container-name', 'test', '--name', 'testpolicy', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7ffb094353a0>, <function OutputProducer.on_global_arguments at 0x7ffb093d5da0>, <function CLIQuery.on_global_arguments at 0x7ffb0940f880>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'storage': ['azure.cli.command_modules.storage']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: storage 0.161 59 273
cli.azure.cli.core: Total (1) 0.161 59 273
cli.azure.cli.core: Loaded 59 groups, 273 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : storage container policy create
cli.azure.cli.core: Command table: storage container policy create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7ffb086d0f40>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/root/.azure/commands/2024-01-16.10-16-15.storage_container_policy_create.2609.log'.
az_command_data_logger: command args: storage container policy create --account-name {} --container-name {} --name {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7ffb0848b420>]
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 659, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2023_01_01.models' has no attribute 'ActiveDirectoryPropertiesAccountType'
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 659, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2023_01_01.models' has no attribute 'ListKeyExpand'
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 659, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2023_01_01.models' has no attribute 'CorsRuleAllowedMethodsItem'
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7ffb084e9120>, <function register_cache_arguments..add_cache_arguments at 0x7ffb084e9260>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7ffb093d5e40>, <function CLIQuery.handle_query_parameter at 0x7ffb0940f920>, <function register_ids_argument..parse_ids_arguments at 0x7ffb084e91c0>]
cli.azure.cli.command_modules.storage._validators: Try to get storage auth_mode value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators: Try to get storage connection_string value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators: Try to get storage key value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators: Try to get storage sas_token value from environment variables or config file.
cli.azure.cli.command_modules.storage._validators:
There are no credentials provided in your command and environment, we will query for account key for your storage account.
It is recommended to provide --connection-string, --account-key or --sas-token in your command as credentials.
You also can add
--auth-mode loginin your command to use Azure Active Directory (Azure AD) for authorization if your login account is assigned required RBAC roles.For more information about RBAC roles in storage, visit https://docs.microsoft.com/azure/storage/common/storage-auth-aad-rbac-cli.
In addition, setting the corresponding environment variables can avoid inputting credentials in your command. Please use --help to get more information about environment variable usage.
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=StorageManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='/root/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /root/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.partner.microsoftonline.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://microsoftgraph.chinacloudapi.cn/oidc/userinfo', 'authorization_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.chinacloudapi.cn/954ddad8-66d7-47a8-8f9f-1316152d9587/kerberos', 'tenant_region_scope': 'AS', 'cloud_instance_name': 'partner.microsoftonline.cn', 'cloud_graph_host_name': 'graph.chinacloudapi.cn', 'msgraph_host': 'microsoftgraph.chinacloudapi.cn', 'rbac_url': 'https://pas.chinacloudapi.cn'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.chinacloudapi.cn//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.chinacloudapi.cn//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 1db71994-4d8f-4a32-8556-ecc5aaf81d05
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.chinacloudapi.cn/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/providers/Microsoft.Storage/storageAccounts?api-version=2023-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '47bc590b-b458-11ee-98d2-c36ede39f0ed'
cli.azure.cli.core.sdk.policies: 'CommandName': 'storage container policy create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--account-name --container-name --name --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.56.0 (DEB) azsdk-python-azure-mgmt-storage/21.1.0 Python/3.11.5 (Linux-5.15.0-1053-azure-x86_64-with-glibc2.31)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.chinacloudapi.cn:443
urllib3.connectionpool: https://management.chinacloudapi.cn:443 "GET /subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/providers/Microsoft.Storage/storageAccounts?api-version=2023-01-01 HTTP/1.1" 200 1325
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'x-ms-original-request-ids': 'c12a796b-ac74-406e-86fd-9a40bbea69cf, 9a858df2-4350-458a-a0e1-8ed55f162d7d'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '14999'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '8bb6ac0c-c914-44b8-9d70-fce2faf2374d'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8bb6ac0c-c914-44b8-9d70-fce2faf2374d'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'CHINANORTH3:20240116T101615Z:8bb6ac0c-c914-44b8-9d70-fce2faf2374d'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 16 Jan 2024 10:16:15 GMT'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1325'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"sku":{"name":"Standard_RAGRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huanafs","name":"huanafs","type":"Microsoft.Storage/storageAccounts","location":"chinaeast2","tags":{},"properties":{"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2023-12-21T03:14:44.8361142Z","key2":"2023-12-21T03:14:44.8361142Z"},"allowCrossTenantReplication":false,"privateEndpointConnections":[],"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":false,"allowSharedKeyAccess":true,"networkAcls":{"ipv6Rules":[],"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"requireInfrastructureEncryption":false,"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:14:44.8361142Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:14:44.8361142Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2023-12-21T03:14:44.7735891Z","primaryEndpoints":{"dfs":"https://huanafs.dfs.core.chinacloudapi.cn/","web":"https://huanafs.z4.web.core.chinacloudapi.cn/","blob":"https://huanafs.blob.core.chinacloudapi.cn/","queue":"https://huanafs.queue.core.chinacloudapi.cn/","table":"https://huanafs.table.core.chinacloudapi.cn/","file":"https://huanafs.file.core.chinacloudapi.cn/"},"primaryLocation":"chinaeast2","statusOfPrimary":"available","secondaryLocation":"chinanorth2","statusOfSecondary":"available","secondaryEndpoints":{"dfs":"https://huanafs-secondary.dfs.core.chinacloudapi.cn/","web":"https://huanafs-secondary.z4.web.core.chinacloudapi.cn/","blob":"https://huanafs-secondary.blob.core.chinacloudapi.cn/","queue":"https://huanafs-secondary.queue.core.chinacloudapi.cn/","table":"https://huanafs-secondary.table.core.chinacloudapi.cn/"}}},{"sku":{"name":"Standard_LRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huanstorage","name":"huanstorage","type":"Microsoft.Storage/storageAccounts","location":"chinanorth3","tags":{},"properties":{"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2023-12-21T03:05:46.3048505Z","key2":"2023-12-21T03:05:46.3048505Z"},"allowCrossTenantReplication":false,"privateEndpointConnections":[],"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":false,"allowSharedKeyAccess":true,"networkAcls":{"ipv6Rules":[],"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"requireInfrastructureEncryption":false,"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:05:46.3048505Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2023-12-21T03:05:46.3048505Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2023-12-21T03:05:46.2579753Z","primaryEndpoints":{"dfs":"https://huanstorage.dfs.core.chinacloudapi.cn/","web":"https://huanstorage.z5.web.core.chinacloudapi.cn/","blob":"https://huanstorage.blob.core.chinacloudapi.cn/","queue":"https://huanstorage.queue.core.chinacloudapi.cn/","table":"https://huanstorage.table.core.chinacloudapi.cn/","file":"https://huanstorage.file.core.chinacloudapi.cn/"},"primaryLocation":"chinaeast3","statusOfPrimary":"available","lastGeoFailoverTime":"2024-01-08T09:40:39.1779061Z"}},{"sku":{"name":"Standard_RAGRS","tier":"Standard"},"kind":"StorageV2","id":"/subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huantest","name":"huantest","type":"Microsoft.Storage/storageAccounts","location":"chinanorth3","tags":{},"properties":{"publicNetworkAccess":"Enabled","keyCreationTime":{"key1":"2024-01-15T06:43:11.9200106Z","key2":"2024-01-15T06:43:11.9200106Z"},"allowCrossTenantReplication":false,"privateEndpointConnections":[],"minimumTlsVersion":"TLS1_2","allowBlobPublicAccess":true,"allowSharedKeyAccess":true,"networkAcls":{"ipv6Rules":[],"bypass":"AzureServices","virtualNetworkRules":[],"ipRules":[],"defaultAction":"Allow"},"supportsHttpsTrafficOnly":true,"encryption":{"requireInfrastructureEncryption":false,"services":{"file":{"keyType":"Account","enabled":true,"lastEnabledTime":"2024-01-15T06:43:11.9200106Z"},"blob":{"keyType":"Account","enabled":true,"lastEnabledTime":"2024-01-15T06:43:11.9200106Z"}},"keySource":"Microsoft.Storage"},"accessTier":"Hot","provisioningState":"Succeeded","creationTime":"2024-01-15T06:43:11.8574909Z","primaryEndpoints":{"dfs":"https://huantest.dfs.core.chinacloudapi.cn/","web":"https://huantest.z5.web.core.chinacloudapi.cn/","blob":"https://huantest.blob.core.chinacloudapi.cn/","queue":"https://huantest.queue.core.chinacloudapi.cn/","table":"https://huantest.table.core.chinacloudapi.cn/","file":"https://huantest.file.core.chinacloudapi.cn/"},"primaryLocation":"chinanorth3","statusOfPrimary":"available","secondaryLocation":"chinaeast3","statusOfSecondary":"available","secondaryEndpoints":{"dfs":"https://huantest-secondary.dfs.core.chinacloudapi.cn/","web":"https://huantest-secondary.z5.web.core.chinacloudapi.cn/","blob":"https://huantest-secondary.blob.core.chinacloudapi.cn/","queue":"https://huantest-secondary.queue.core.chinacloudapi.cn/","table":"https://huantest-secondary.table.core.chinacloudapi.cn/"}}}]}
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/profiles/_shared.py", line 655, in _get_attr
op = import_module(full_mod_path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1204, in _gcd_import
File "", line 1176, in _find_and_load
File "", line 1140, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'azure.mgmt.storage.v2023_01_01.models.storage_account_keys'
cli.azure.cli.command_modules.storage._validators: Disable HTTP logging to avoid having storage keys in debug logs
urllib3.connectionpool: https://management.chinacloudapi.cn:443 "POST /subscriptions/2c91f5d9-a071-4edc-afc2-f6b94ef1bc8a/resourceGroups/huanRG/providers/Microsoft.Storage/storageAccounts/huantest/listKeys?api-version=2023-01-01&$expand=kerb HTTP/1.1" 200 None
urllib3.connectionpool: Starting new HTTPS connection (1): huantest.blob.core.chinacloudapi.cn:443
urllib3.connectionpool: https://huantest.blob.core.chinacloudapi.cn:443 "GET /test?restype=container&comp=acl HTTP/1.1" 200 None
urllib3.connectionpool: https://huantest.blob.core.chinacloudapi.cn:443 "PUT /test?restype=container&comp=acl HTTP/1.1" 200 0
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x7ffb084c6340>, <function _x509_from_base64_to_hex_transform at 0x7ffb084c63e0>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
{
"client_request_id": "47bc590d-b458-11ee-98d2-c36ede39f0ed",
"date": "2024-01-16T10:16:15+00:00",
"etag": ""0x8DC167C2C6CEF01"",
"lastModified": "2024-01-16T10:16:15+00:00",
"request_id": "fc394349-001e-0062-6c65-483a75000000",
"version": "2022-11-02"
}
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7ffb086d11c0>]
az_command_data_logger: exit code: 0
cli.main: Command ran in 0.925 seconds (init: 0.183, invoke: 0.742)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3480 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/az/bin/python3 /opt/az/lib/python3.11/site-packages/azure/cli/telemetry/init.py /root/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
az storage container policy createwill not effect container's access level.Environment Summary
azure-cli 2.56.0
core 2.56.0
telemetry 1.1.0
Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2
Python location '/opt/az/bin/python3'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.11.5 (main, Jan 8 2024, 09:08:51) [GCC 9.4.0]
Additional context
No response