Creating an Azure Storage Account in C# using Fluent API with no Allow Blob Public Access

1
votes

My goal is to create an Azure storage account from C# code using the Fluent API (Microsoft.Azure.Management.Fluent).

My code executes correctly except that my organization has a policy which requires that all storage accounts must be created with "Allow Blob public access" set to Disabled. Is there any way to specify that as an option using the Fluent approach?

                TargetStorageAccount = AzureClient.StorageAccounts.Define(storageAccountName)
                    .WithRegion(Region.AustraliaCentral)
                    .WithExistingResourceGroup(ResourceGroupName)
                    .WithSku(StorageAccountSkuType.Standard_LRS)
                    .WithGeneralPurposeAccountKindV2()
                    .Create();
1
c#azureazure-storageazure-storage-blobs
i dont think Fluent has the option at the moment that you can use to create a storage account with "allow blob public access" disabled. Going with the Rest API is probably your best choice for now.Jawad
How's going? has your issue got solved ?Stanley Gong
No, apparently the fluent API can't achieve the goal. So, I punted back to using Microsoft.Azure.Management.Storage.StorageManagementClient to programmatically create a storage account which prohibits creating public containers. It's too bad as I'd rather use the fluent API but it is incomplete.Bonnie
@Bonnie I have updated my answer. You can use ARM template and fluent API to do thatStanley Gong

1 Answers

0
votes

You can use ARM template to deploy storage account with "Allow Blob public access" set to Disabled.

For a fast demo, this is my template for the storage account:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "storagePrefix": {
            "type": "string",
            "minLength": 3,
            "maxLength": 11
        },
        "storageSKU": {
            "type": "string",
            "defaultValue": "Standard_LRS",
            "allowedValues": [
                "Standard_LRS",
                "Standard_GRS",
                "Standard_RAGRS",
                "Standard_ZRS",
                "Premium_LRS",
                "Premium_ZRS",
                "Standard_GZRS",
                "Standard_RAGZRS"
            ]
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]"
        }
    },

    "variables": {
        "uniqueStorageName": "[concat(parameters('storagePrefix'), '4testonly')]"
    },
    "resources": [{
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2019-04-01",
            "name": "[variables('uniqueStorageName')]",
            "location": "[parameters('location')]",
            "sku": {
                "name": "[parameters('storageSKU')]"
            },
            "kind": "StorageV2",
            "properties": {
                "supportsHttpsTrafficOnly": true,
                "allowBlobPublicAccess": false
            }
        }
    ],
    "outputs": {
        "result": {
            "type": "string",
            "value": "done"
        }
    }
}

allowBlobPublicAccess set to false.

This is the code using fluent API to create this deployment:

    var storageAccountName = "<your new storage account name>";

    var templateJson = File.ReadAllText(@"<path of template file>\storageOnly.json");

    azure.Deployments.Define("storageDepolyTest")
            .WithExistingResourceGroup("<your resource group name>")
            .WithTemplate(templateJson)
            .WithParameters("{\"storagePrefix\":{\"value\":\""+ storageAccountName + "\"}}")
            .WithMode(DeploymentMode.Incremental)
            .Create();

Result:

enter image description here