[Storage] BREAKING CHANGE: az storage container-rm update: Remove `…

…--default-encryption-scope` and `--deny-encryption-scope-override` as they should only be specified during create (#27791) * `az storage container-rm update`: `--default-encryption-scope` and `--deny-encryption-scope-override` should not be specified during update * remove from update function * remove from help
Azure · Nov 8, 2023 · 215a8b9 · 215a8b9
1 parent 68990c9
commit 215a8b9
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 238 deletions.
diff --git a/src/azure-cli/azure/cli/command_modules/storage/_help.py b/src/azure-cli/azure/cli/command_modules/storage/_help.py
@@ -1436,7 +1436,7 @@
   - name: Update the metadata for a container under the specified storage account(account id).
     text: az storage container-rm update --storage-account myaccountid --name mycontainer --metadata newkey1=newvalue1 newkey2=newvalue2
   - name: Update the default encryption scope for a container by resource id.
-    text: az storage container-rm update --ids mycontainerid --default-encryption-scope myencryptionscope
+    text: az storage container-rm update --ids mycontainerid --public-access blob
 """
 
 helps['storage container'] = """

diff --git a/src/azure-cli/azure/cli/command_modules/storage/_params.py b/src/azure-cli/azure/cli/command_modules/storage/_params.py
@@ -1698,28 +1698,19 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
                                    resource_type=ResourceType.MGMT_STORAGE) as c:
             from ._validators import validate_container_nfsv3_squash
             t_root_squash = self.get_models('RootSquashType', resource_type=ResourceType.MGMT_STORAGE)
-            c.argument('default_encryption_scope', options_list=['--default-encryption-scope', '-d'],
-                       arg_group='Encryption Policy', min_api='2019-06-01',
-                       help='Default the container to use specified encryption scope for all writes.')
-            c.argument('deny_encryption_scope_override',
-                       options_list=['--deny-encryption-scope-override', '--deny-override'],
-                       arg_type=get_three_state_flag(), arg_group='Encryption Policy', min_api='2019-06-01',
-                       help='Block override of encryption scope from the container default.')
             c.extra('root_squash', arg_type=get_enum_type(t_root_squash), min_api='2021-06-01',
                     help='Enable NFSv3 squash on blob container.', validator=validate_container_nfsv3_squash)
             c.ignore('enable_nfs_v3_root_squash')
             c.ignore('enable_nfs_v3_all_squash')
 
-    with self.argument_context('storage container-rm update', resource_type=ResourceType.MGMT_STORAGE) as c:
+    with self.argument_context('storage container-rm create', resource_type=ResourceType.MGMT_STORAGE) as c:
         c.argument('default_encryption_scope', options_list=['--default-encryption-scope', '-d'],
                    arg_group='Encryption Policy', min_api='2019-06-01',
-                   help='Default the container to use specified encryption scope for all writes.',
-                   deprecate_info=c.deprecate(hide=True, target='--default-encryption-scope', expiration="2.54"))
+                   help='Default the container to use specified encryption scope for all writes.')
         c.argument('deny_encryption_scope_override',
                    options_list=['--deny-encryption-scope-override', '--deny-override'],
                    arg_type=get_three_state_flag(), arg_group='Encryption Policy', min_api='2019-06-01',
-                   help='Block override of encryption scope from the container default.',
-                   deprecate_info=c.deprecate(hide=True, target='--deny-encryption-scope-override', expiration="2.54"))
+                   help='Block override of encryption scope from the container default.')
 
     with self.argument_context('storage container-rm list', resource_type=ResourceType.MGMT_STORAGE) as c:
         c.argument('account_name', storage_account_type, id_part=None)

diff --git a/src/azure-cli/azure/cli/command_modules/storage/operations/blob.py b/src/azure-cli/azure/cli/command_modules/storage/operations/blob.py
@@ -88,26 +88,12 @@ def create_container_rm(cmd, client, container_name, resource_group_name, accoun
 
 
 def update_container_rm(cmd, instance, metadata=None, public_access=None,
-                        default_encryption_scope=None, deny_encryption_scope_override=None,
                         enable_nfs_v3_root_squash=None, enable_nfs_v3_all_squash=None):
     BlobContainer = cmd.get_models('BlobContainer', resource_type=ResourceType.MGMT_STORAGE)
 
-    # # TODO will remove warning as well as the parameters in November 2023
-    if default_encryption_scope is not None:
-        logger.warning('--default-encryption-scope cannot be updated after container is created. '
-                       'When it is provided, it will be ignored by the server. '
-                       'This parameter will be removed for the update command in November 2023.')
-    if deny_encryption_scope_override is not None:
-        logger.warning('--deny-encryption-scope-override cannot be updated after container is created. '
-                       'When it is provided, it will be ignored by the server. '
-                       'This parameter will be removed for the update command in November 2023.')
     blob_container = BlobContainer(
         metadata=metadata if metadata is not None else instance.metadata,
         public_access=public_access if public_access is not None else instance.public_access,
-        default_encryption_scope=default_encryption_scope
-        if default_encryption_scope is not None else instance.default_encryption_scope,
-        deny_encryption_scope_override=deny_encryption_scope_override
-        if deny_encryption_scope_override is not None else instance.deny_encryption_scope_override,
         enable_nfs_v3_all_squash=enable_nfs_v3_all_squash
         if enable_nfs_v3_all_squash is not None else instance.enable_nfs_v3_all_squash,
         enable_nfs_v3_root_squash=enable_nfs_v3_root_squash

diff --git a/...odules/storage/tests/latest/recordings/test_storage_container_using_rm_main_scenario.yaml b/...odules/storage/tests/latest/recordings/test_storage_container_using_rm_main_scenario.yaml
diff --git a/...cli/azure/cli/command_modules/storage/tests/latest/test_storage_container_rm_scenarios.py b/...cli/azure/cli/command_modules/storage/tests/latest/test_storage_container_rm_scenarios.py
@@ -100,11 +100,6 @@ def test_storage_container_using_rm_main_scenario(self):
         self.assertEqual(result['name'], container_name)
         self.assertEqual(result['publicAccess'], 'Container')
 
-        # Update container by container resource id.
-        result = self.cmd('storage container-rm update --ids {container_id} '
-                          '--deny-encryption-scope-override true').get_output_in_json()
-        self.assertEqual(result['denyEncryptionScopeOverride'], True)
-
         # 5. Test list command(with storage account name and resource group)
         result = self.cmd('storage container-rm list --storage-account {sa} --query "[].name"').get_output_in_json()
         self.assertIn(container_name, result)