Azure · evelyn-ys · Apr 27, 2021 · Apr 22, 2021 · Apr 26, 2021 · Apr 26, 2021
@@ -174,6 +174,16 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
              'Shared Key. If false, then all requests, including shared access signatures, must be authorized with '
              'Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.')
 
+    sas_expiration_period_type = CLIArgumentType(
+        options_list=['--sas-expiration-period', '--sas-exp'], min_api='2021-02-01',
+        help='Expiration period of the SAS Policy assigned to the storage account, DD.HH:MM:SS.'
+    )
+
+    key_expiration_period_in_days_type = CLIArgumentType(
+        options_list=['--key-expiration-period-in-days', '--key-exp-days'], min_api='2021-02-01', type=int,
+        help='Expiration period in days of the Key Policy assigned to the storage account'
+    )
+
     t_blob_tier = self.get_sdk('_generated.models._azure_blob_storage_enums#AccessTierOptional',
                                resource_type=ResourceType.DATA_STORAGE_BLOB)
 
@@ -276,6 +286,8 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('user_identity_id', arg_group='Identity',
                    help='The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is '
                    'permitted here.')
+        c.argument('key_expiration_period_in_days', key_expiration_period_in_days_type, is_preview=True)
+        c.argument('sas_expiration_period', sas_expiration_period_type, is_preview=True)
 
     with self.argument_context('storage account private-endpoint-connection',
                                resource_type=ResourceType.MGMT_STORAGE) as c:
@@ -335,6 +347,8 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
         c.argument('user_identity_id', arg_group='Identity',
                    help='The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is '
                    'permitted here.')
+        c.argument('key_expiration_period_in_days', key_expiration_period_in_days_type, is_preview=True)
+        c.argument('sas_expiration_period', sas_expiration_period_type, is_preview=True)
 
     for scope in ['storage account create', 'storage account update']:
         with self.argument_context(scope, arg_group='Customer managed key', min_api='2017-06-01',

@@ -57,7 +57,8 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
                            routing_choice=None, publish_microsoft_endpoints=None, publish_internet_endpoints=None,
                            require_infrastructure_encryption=None, allow_blob_public_access=None,
                            min_tls_version=None, allow_shared_key_access=None, edge_zone=None,
-                           identity_type=None, user_identity_id=None, key_vault_user_identity_id=None):
+                           identity_type=None, user_identity_id=None, key_vault_user_identity_id=None,
+                           sas_expiration_period=None, key_expiration_period_in_days=None):
     StorageAccountCreateParameters, Kind, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet = \
         cmd.get_models('StorageAccountCreateParameters', 'Kind', 'Sku', 'CustomDomain', 'AccessTier', 'Identity',
                        'Encryption', 'NetworkRuleSet')
@@ -185,6 +186,14 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
         params.extended_location = ExtendedLocation(name=edge_zone,
                                                     type=ExtendedLocationTypes.EDGE_ZONE)
 
+    if key_expiration_period_in_days is not None:
+        KeyPolicy = cmd.get_models('KeyPolicy')
+        params.key_policy = KeyPolicy(key_expiration_period_in_days=key_expiration_period_in_days)
+
+    if sas_expiration_period:
+        SasPolicy = cmd.get_models('SasPolicy')
+        params.sas_policy = SasPolicy(sas_expiration_period=sas_expiration_period)
+
     return scf.storage_accounts.begin_create(resource_group_name, account_name, params)
 
 
@@ -261,7 +270,8 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
                            domain_sid=None, azure_storage_sid=None, routing_choice=None,
                            publish_microsoft_endpoints=None, publish_internet_endpoints=None,
                            allow_blob_public_access=None, min_tls_version=None, allow_shared_key_access=None,
-                           identity_type=None, user_identity_id=None, key_vault_user_identity_id=None):
+                           identity_type=None, user_identity_id=None, key_vault_user_identity_id=None,
+                           sas_expiration_period=None, key_expiration_period_in_days=None):
     StorageAccountUpdateParameters, Sku, CustomDomain, AccessTier, Identity, Encryption, NetworkRuleSet = \
         cmd.get_models('StorageAccountUpdateParameters', 'Sku', 'CustomDomain', 'AccessTier', 'Identity', 'Encryption',
                        'NetworkRuleSet')
@@ -426,6 +436,14 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
     if allow_shared_key_access is not None:
         params.allow_shared_key_access = allow_shared_key_access
 
+    if key_expiration_period_in_days is not None:
+        KeyPolicy = cmd.get_models('KeyPolicy')
+        params.key_policy = KeyPolicy(key_expiration_period_in_days=key_expiration_period_in_days)
+
+    if sas_expiration_period:
+        SasPolicy = cmd.get_models('SasPolicy')
+        params.sas_policy = SasPolicy(sas_expiration_period=sas_expiration_period)
+
     return params