diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/Bucket.tsp b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/Bucket.tsp index 8ba020886a35..cb37c3ad3f98 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/Bucket.tsp +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/Bucket.tsp @@ -83,6 +83,19 @@ model BucketProperties { * Access permissions for the bucket. Either ReadOnly or ReadWrite. The default is ReadOnly if no value is provided during bucket creation. */ permissions?: BucketPermissions = BucketPermissions.ReadOnly; + + /** + * Specifies the Azure Key Vault settings. These are used when + * a) retrieving the bucket server certificate, and + * b) storing the bucket credentials + * + * Notes: + * + * 1. If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property. + * 2. These properties are mutually exclusive with the server.certificateObject property. + */ + @added(Versions.v2025_09_01_preview) + akvDetails?: AzureKeyVaultDetails; } /** @@ -178,10 +191,102 @@ model BucketServerProperties { /** * A base64-encoded PEM file, which includes both the bucket server's certificate and private key. It is used to authenticate the user and allows access to volume data in a read-only manner. */ + @removed(Versions.v2025_08_01) + @added(Versions.v2025_08_01_preview) + @removed(Versions.v2025_09_01) + @removed(Versions.v2025_09_01_preview) + @renamedFrom(Versions.v2025_09_01_preview, "certificateObject") @maxLength(10240) @minLength(1) @visibility(Lifecycle.Create, Lifecycle.Update) + certificateObjectOld?: string; + + /** + * The base64-encoded contents of a PEM file, which includes both the bucket server's certificate and private key. It is generated by the end user and allows the user to access volume data in a read-only manner. + * Note: This is only used when Azure Key Vault is not configured. This property is mutually exclusive with the Azure Key Vault 'akv' properties. + */ + @added(Versions.v2025_09_01_preview) + @maxLength(20480) + @minLength(1) + @secret + @visibility(Lifecycle.Create, Lifecycle.Update) certificateObject?: string; + + /** + * Action to take when there is a certificate conflict. + * Possible values include: 'Update', 'Fail' + */ + @added(Versions.v2025_09_01_preview) + onCertificateConflictAction?: OnCertificateConflictAction; +} + +/** + * Specifies the Azure Key Vault settings. These are used when + * a) retrieving the bucket server certificate, and + * b) storing the bucket credentials + * + * Notes: + * + * 1. If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property. + * + * 2. These properties are mutually exclusive with the server.certificateObject property. + */ +@added(Versions.v2025_09_01_preview) +model AzureKeyVaultDetails { + /** + * Specifies the Azure Key Vault settings for retrieving the bucket server certificate. + */ + certificateAkvDetails?: CertificateAkvDetails; + + /** + * Specifies the Azure Key Vault settings for storing the bucket credentials. + */ + credentialsAkvDetails?: CredentialsAkvDetails; +} + +/** + * Specifies the Azure Key Vault settings for retrieving the bucket server certificate. + */ +@added(Versions.v2025_09_01_preview) +model CertificateAkvDetails { + /** + * The base URI of the Azure Key Vault that is used when retrieving the bucket certificate. + */ + @example("https://.vault.azure.net/") + certificateKeyVaultUri?: url; + + /** + * The name of the bucket server certificate stored in the Azure Key Vault. + */ + @maxLength(127) + @minLength(1) + @pattern("^[a-zA-Z0-9-]{1,127}$") + certificateName?: string; +} + +/** + * Specifies the Azure Key Vault settings for storing the bucket credentials. + */ +@added(Versions.v2025_09_01_preview) +model CredentialsAkvDetails { + /** + * The base URI of the Azure Key Vault that is used when storing the bucket credentials. + */ + @example("https://.vault.azure.net/") + credentialsKeyVaultUri?: url; + + /** + * The name of the secret stored in Azure Key Vault. The associated key pair has the following structure: + * + * { + * "access_key_id": "", + * "secret_access_key": "" + * } + */ + @maxLength(127) + @minLength(1) + @pattern("^[a-zA-Z0-9-]{1,127}$") + secretName?: string; } /** @@ -234,6 +339,19 @@ model BucketPatchProperties { * Access permissions for the bucket. Either ReadOnly or ReadWrite. */ permissions?: BucketPatchPermissions; + + /** + * Specifies the Azure Key Vault settings. These are used when + * a) retrieving the bucket server certificate, and + * b) storing the bucket credentials + * + * Notes: + * + * 1. If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property. + * 2. These properties are mutually exclusive with the server.certificateObject property. + */ + @added(Versions.v2025_09_01_preview) + akvDetails?: AzureKeyVaultDetails; } /** @@ -253,10 +371,33 @@ model BucketServerPatchProperties { /** * A base64-encoded PEM file, which includes both the bucket server's certificate and private key. It is used to authenticate the user and allows access to volume data in a read-only manner. */ + @removed(Versions.v2025_08_01) + @added(Versions.v2025_08_01_preview) + @removed(Versions.v2025_09_01) + @removed(Versions.v2025_09_01_preview) + @renamedFrom(Versions.v2025_09_01_preview, "certificateObject") @maxLength(10240) @minLength(1) @visibility(Lifecycle.Create, Lifecycle.Update) + certificateObjectOld?: string; + + /** + * The base64-encoded contents of a PEM file, which includes both the bucket server's certificate and private key. It is generated by the end user and allows the user to access volume data in a read-only manner. + * Note: This is only used when Azure Key Vault is not configured. This property is mutually exclusive with the Azure Key Vault 'akv' properties. + */ + @added(Versions.v2025_09_01_preview) + @maxLength(20480) + @minLength(1) + @secret + @visibility(Lifecycle.Create, Lifecycle.Update) certificateObject?: string; + + /** + * Action to take when there is a certificate conflict. + * Possible values include: 'Update', 'Fail' + */ + @added(Versions.v2025_09_01_preview) + onCertificateConflictAction?: OnCertificateConflictAction; } /** @@ -381,6 +522,26 @@ union BucketPatchPermissions { ReadWrite: "ReadWrite", } +/** + * This action is triggered when a certificate conflict occurs. A conflict arises if you try to create a new bucket while one or more already exist on the server, or if you update a bucket when multiple buckets are present. This happens because a single certificate is shared among all buckets on the same server. + * + * Note: This applies both to certificates provided directly via the certificateObject property and to those retrieved from Azure Key Vault. Details for the latter case are specified in the akvDetails.certificateAkvDetails section. + */ +@added(Versions.v2025_09_01_preview) +union OnCertificateConflictAction { + string, + + /** + * Update the existing certificate regardless of whether there is a conflict or not. This means all buckets on the server will now use the new certificate. + */ + Update: "Update", + + /** + * Fail the operation if a conflict occurs, meaning the bucket operation will fail, and the existing certificate will continue to be in use. + */ + Fail: "Fail", +} + @added(Versions.v2025_07_01_preview) @removed(Versions.v2025_08_01) @added(Versions.v2025_08_01_preview) @@ -432,6 +593,30 @@ interface Buckets { BucketCredentialsExpiry, ArmResponse >; + + /** + * Generate the access key and secret key used for accessing the specified volume bucket and store in Azure Key Vault. + */ + @added(Versions.v2025_09_01_preview) + @Azure.Core.useFinalStateVia("azure-async-operation") + generateAkvCredentials is ArmResourceActionNoResponseContentAsync< + Bucket, + BucketCredentialsExpiry, + LroHeaders = ArmCombinedLroHeaders & + Azure.Core.Foundations.RetryAfterHeader + >; + + /** + * This operation will fetch the certificate from Azure Key Vault and install it on the bucket server. + */ + @added(Versions.v2025_09_01_preview) + @Azure.Core.useFinalStateVia("azure-async-operation") + refreshCertificate is ArmResourceActionNoResponseContentAsync< + Bucket, + void, + LroHeaders = ArmCombinedLroHeaders & + Azure.Core.Foundations.RetryAfterHeader + >; } @@maxLength(Bucket.name, 63); diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdate.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdate.json index ade0472c753c..aa7884297cdb 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdate.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdate.json @@ -13,8 +13,9 @@ }, "permissions": "ReadOnly", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateObject": "", - "fqdn": "fullyqualified.domainname.com" + "onCertificateConflictAction": "Update" } } }, @@ -44,7 +45,8 @@ "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", "fqdn": "fullyqualified.domainname.com", - "ipAddress": "1.2.3.4" + "ipAddress": "1.2.3.4", + "onCertificateConflictAction": "Update" }, "status": "NoCredentialsSet" } diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdateWithAkv.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdateWithAkv.json new file mode 100644 index 000000000000..17efc4090ec4 --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_CreateOrUpdateWithAkv.json @@ -0,0 +1,115 @@ +{ + "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", + "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview", + "body": { + "properties": { + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "path": "/path", + "server": { + "fqdn": "fullyqualified.domainname.com", + "onCertificateConflictAction": "Fail" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", + "name": "account1/pool1/volume1/bucket1", + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", + "properties": { + "path": "/path", + "provisioningState": "Succeeded", + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "status": "NoCredentialsSet", + "server": { + "fqdn": "fullyqualified.domainname.com", + "certificateCommonName": "www.example.com", + "certificateExpiryDate": "2027-08-15T13:23:32Z", + "ipAddress": "1.2.3.4" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "201": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + }, + "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", + "name": "account1/pool1/volume1/bucket1", + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", + "properties": { + "path": "/path", + "provisioningState": "Creating", + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "status": "NoCredentialsSet", + "server": { + "fqdn": "fullyqualified.domainname.com", + "certificateCommonName": "www.example.com", + "certificateExpiryDate": "2027-08-15T13:23:32Z", + "ipAddress": "1.2.3.4" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + } + }, + "operationId": "Buckets_CreateOrUpdate", + "title": "Buckets_CreateOrUpdateWithAkv" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_GenerateAkvCredentials.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_GenerateAkvCredentials.json new file mode 100644 index 000000000000..3125454421fc --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_GenerateAkvCredentials.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "accountName": "account1", + "api-version": "2025-09-01-preview", + "body": { + "keyPairExpiryDays": 3 + }, + "bucketName": "bucket1", + "poolName": "pool1", + "resourceGroupName": "myRG", + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "volumeName": "volume1" + }, + "responses": { + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + } + } + }, + "operationId": "Buckets_GenerateAkvCredentials", + "title": "Buckets_GenerateAkvCredentials" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Get.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Get.json index 90568ba32ae1..8fcb99b3f5f6 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Get.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Get.json @@ -1,36 +1,46 @@ { "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", "accountName": "account1", - "api-version": "2025-09-01-preview", - "bucketName": "bucket1", "poolName": "pool1", - "resourceGroupName": "myRG", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "volumeName": "volume1" + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview" }, "responses": { "200": { "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "name": "account1/pool1/volume1/bucket1", "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "properties": { "path": "/path", + "provisioningState": "Succeeded", "fileSystemUser": { "nfsUser": { - "groupId": 1000, - "userId": 1001 + "userId": 1001, + "groupId": 1000 } }, - "permissions": "ReadOnly", - "provisioningState": "Succeeded", + "status": "CredentialsExpired", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", - "fqdn": "fullyqualified.domainname.com", "ipAddress": "1.2.3.4" }, - "status": "CredentialsExpired" + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" } } } diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_List.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_List.json index 939849f1bb80..7997eb002614 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_List.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_List.json @@ -1,37 +1,47 @@ { "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", "accountName": "account1", - "api-version": "2025-09-01-preview", "poolName": "pool1", - "resourceGroupName": "myRG", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "volumeName": "volume1" + "volumeName": "volume1", + "api-version": "2025-09-01-preview" }, "responses": { "200": { "body": { "value": [ { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "name": "account1/pool1/volume1/bucket1", "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "properties": { "path": "/path", + "provisioningState": "Succeeded", "fileSystemUser": { "nfsUser": { - "groupId": 1000, - "userId": 1001 + "userId": 1001, + "groupId": 1000 } }, - "permissions": "ReadOnly", - "provisioningState": "Succeeded", + "status": "Active", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", - "fqdn": "fullyqualified.domainname.com", "ipAddress": "1.2.3.4" }, - "status": "Active" + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" } } ] diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_RefreshCertificate.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_RefreshCertificate.json new file mode 100644 index 000000000000..35030a1eb00f --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_RefreshCertificate.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", + "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview" + }, + "responses": { + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + } + } + }, + "operationId": "Buckets_RefreshCertificate", + "title": "Buckets_RefreshCertificate" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Update.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Update.json index 6e19061999b6..76835182eff1 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Update.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_Update.json @@ -1,52 +1,53 @@ { "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", "api-version": "2025-09-01-preview", "body": { "properties": { - "permissions": "ReadWrite", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateObject": "", - "fqdn": "fullyqualified.domainname.com" - } + "onCertificateConflictAction": "Update" + }, + "permissions": "ReadWrite" } - }, - "bucketName": "bucket1", - "poolName": "pool1", - "resourceGroupName": "myRG", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "volumeName": "volume1" + } }, "responses": { "200": { "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "name": "account1/pool1/volume1/bucket1", "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "properties": { "path": "/path", + "provisioningState": "Succeeded", "fileSystemUser": { "nfsUser": { - "groupId": 1000, - "userId": 1001 + "userId": 1001, + "groupId": 1000 } }, - "permissions": "ReadWrite", - "provisioningState": "Succeeded", + "status": "Active", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", - "fqdn": "fullyqualified.domainname.com", "ipAddress": "1.2.3.4" }, - "status": "Active" + "permissions": "ReadWrite" } } }, "202": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview", - "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location" + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" } } }, diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_UpdateWithAkv.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_UpdateWithAkv.json new file mode 100644 index 000000000000..4faa596e0e3f --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/examples/2025-09-01-preview/Buckets_UpdateWithAkv.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", + "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview", + "body": { + "properties": { + "server": { + "fqdn": "fullyqualified.domainname.com", + "onCertificateConflictAction": "Fail" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", + "name": "account1/pool1/volume1/bucket1", + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", + "properties": { + "path": "/path", + "provisioningState": "Succeeded", + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "status": "Active", + "server": { + "fqdn": "fullyqualified.domainname.com", + "certificateCommonName": "www.example.com", + "certificateExpiryDate": "2027-08-15T13:23:32Z", + "ipAddress": "1.2.3.4" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + } + } + }, + "operationId": "Buckets_Update", + "title": "Buckets_UpdateWithAkv" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdate.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdate.json index ade0472c753c..aa7884297cdb 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdate.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdate.json @@ -13,8 +13,9 @@ }, "permissions": "ReadOnly", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateObject": "", - "fqdn": "fullyqualified.domainname.com" + "onCertificateConflictAction": "Update" } } }, @@ -44,7 +45,8 @@ "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", "fqdn": "fullyqualified.domainname.com", - "ipAddress": "1.2.3.4" + "ipAddress": "1.2.3.4", + "onCertificateConflictAction": "Update" }, "status": "NoCredentialsSet" } diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdateWithAkv.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdateWithAkv.json new file mode 100644 index 000000000000..17efc4090ec4 --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_CreateOrUpdateWithAkv.json @@ -0,0 +1,115 @@ +{ + "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", + "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview", + "body": { + "properties": { + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "path": "/path", + "server": { + "fqdn": "fullyqualified.domainname.com", + "onCertificateConflictAction": "Fail" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", + "name": "account1/pool1/volume1/bucket1", + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", + "properties": { + "path": "/path", + "provisioningState": "Succeeded", + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "status": "NoCredentialsSet", + "server": { + "fqdn": "fullyqualified.domainname.com", + "certificateCommonName": "www.example.com", + "certificateExpiryDate": "2027-08-15T13:23:32Z", + "ipAddress": "1.2.3.4" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "201": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + }, + "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", + "name": "account1/pool1/volume1/bucket1", + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", + "properties": { + "path": "/path", + "provisioningState": "Creating", + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "status": "NoCredentialsSet", + "server": { + "fqdn": "fullyqualified.domainname.com", + "certificateCommonName": "www.example.com", + "certificateExpiryDate": "2027-08-15T13:23:32Z", + "ipAddress": "1.2.3.4" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + } + }, + "operationId": "Buckets_CreateOrUpdate", + "title": "Buckets_CreateOrUpdateWithAkv" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_GenerateAkvCredentials.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_GenerateAkvCredentials.json new file mode 100644 index 000000000000..3125454421fc --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_GenerateAkvCredentials.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "accountName": "account1", + "api-version": "2025-09-01-preview", + "body": { + "keyPairExpiryDays": 3 + }, + "bucketName": "bucket1", + "poolName": "pool1", + "resourceGroupName": "myRG", + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "volumeName": "volume1" + }, + "responses": { + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + } + } + }, + "operationId": "Buckets_GenerateAkvCredentials", + "title": "Buckets_GenerateAkvCredentials" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Get.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Get.json index 90568ba32ae1..8fcb99b3f5f6 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Get.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Get.json @@ -1,36 +1,46 @@ { "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", "accountName": "account1", - "api-version": "2025-09-01-preview", - "bucketName": "bucket1", "poolName": "pool1", - "resourceGroupName": "myRG", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "volumeName": "volume1" + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview" }, "responses": { "200": { "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "name": "account1/pool1/volume1/bucket1", "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "properties": { "path": "/path", + "provisioningState": "Succeeded", "fileSystemUser": { "nfsUser": { - "groupId": 1000, - "userId": 1001 + "userId": 1001, + "groupId": 1000 } }, - "permissions": "ReadOnly", - "provisioningState": "Succeeded", + "status": "CredentialsExpired", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", - "fqdn": "fullyqualified.domainname.com", "ipAddress": "1.2.3.4" }, - "status": "CredentialsExpired" + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" } } } diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_List.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_List.json index 939849f1bb80..7997eb002614 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_List.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_List.json @@ -1,37 +1,47 @@ { "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", "accountName": "account1", - "api-version": "2025-09-01-preview", "poolName": "pool1", - "resourceGroupName": "myRG", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "volumeName": "volume1" + "volumeName": "volume1", + "api-version": "2025-09-01-preview" }, "responses": { "200": { "body": { "value": [ { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "name": "account1/pool1/volume1/bucket1", "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "properties": { "path": "/path", + "provisioningState": "Succeeded", "fileSystemUser": { "nfsUser": { - "groupId": 1000, - "userId": 1001 + "userId": 1001, + "groupId": 1000 } }, - "permissions": "ReadOnly", - "provisioningState": "Succeeded", + "status": "Active", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", - "fqdn": "fullyqualified.domainname.com", "ipAddress": "1.2.3.4" }, - "status": "Active" + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" } } ] diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_RefreshCertificate.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_RefreshCertificate.json new file mode 100644 index 000000000000..35030a1eb00f --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_RefreshCertificate.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", + "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview" + }, + "responses": { + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + } + } + }, + "operationId": "Buckets_RefreshCertificate", + "title": "Buckets_RefreshCertificate" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Update.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Update.json index 6e19061999b6..76835182eff1 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Update.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_Update.json @@ -1,52 +1,53 @@ { "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", "api-version": "2025-09-01-preview", "body": { "properties": { - "permissions": "ReadWrite", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateObject": "", - "fqdn": "fullyqualified.domainname.com" - } + "onCertificateConflictAction": "Update" + }, + "permissions": "ReadWrite" } - }, - "bucketName": "bucket1", - "poolName": "pool1", - "resourceGroupName": "myRG", - "subscriptionId": "00000000-0000-0000-0000-000000000000", - "volumeName": "volume1" + } }, "responses": { "200": { "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "name": "account1/pool1/volume1/bucket1", "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", "properties": { "path": "/path", + "provisioningState": "Succeeded", "fileSystemUser": { "nfsUser": { - "groupId": 1000, - "userId": 1001 + "userId": 1001, + "groupId": 1000 } }, - "permissions": "ReadWrite", - "provisioningState": "Succeeded", + "status": "Active", "server": { + "fqdn": "fullyqualified.domainname.com", "certificateCommonName": "www.example.com", "certificateExpiryDate": "2027-08-15T13:23:32Z", - "fqdn": "fullyqualified.domainname.com", "ipAddress": "1.2.3.4" }, - "status": "Active" + "permissions": "ReadWrite" } } }, "202": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview", - "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location" + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" } } }, diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_UpdateWithAkv.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_UpdateWithAkv.json new file mode 100644 index 000000000000..4faa596e0e3f --- /dev/null +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/examples/Buckets_UpdateWithAkv.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "subscriptionId": "00000000-0000-0000-0000-000000000000", + "resourceGroupName": "myRG", + "accountName": "account1", + "poolName": "pool1", + "volumeName": "volume1", + "bucketName": "bucket1", + "api-version": "2025-09-01-preview", + "body": { + "properties": { + "server": { + "fqdn": "fullyqualified.domainname.com", + "onCertificateConflictAction": "Fail" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.NetApp/netAppAccounts/account1/capacityPools/pool1/volumes/volume1/buckets/bucket1", + "name": "account1/pool1/volume1/bucket1", + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/buckets", + "properties": { + "path": "/path", + "provisioningState": "Succeeded", + "fileSystemUser": { + "nfsUser": { + "userId": 1001, + "groupId": 1000 + } + }, + "status": "Active", + "server": { + "fqdn": "fullyqualified.domainname.com", + "certificateCommonName": "www.example.com", + "certificateExpiryDate": "2027-08-15T13:23:32Z", + "ipAddress": "1.2.3.4" + }, + "akvDetails": { + "certificateAkvDetails": { + "certificateKeyVaultUri": "https://REDACTED.vault.azure.net/", + "certificateName": "my-certificate" + }, + "credentialsAkvDetails": { + "credentialsKeyVaultUri": "https://REDACTED.vault.azure.net/", + "secretName": "my-secret" + } + }, + "permissions": "ReadOnly" + } + } + }, + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview&operationResultResponseType=Location", + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.NetApp/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2025-09-01-preview" + } + } + }, + "operationId": "Buckets_Update", + "title": "Buckets_UpdateWithAkv" +} diff --git a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/netapp.json b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/netapp.json index 209ee0a49854..3f8a4ddb8570 100644 --- a/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/netapp.json +++ b/specification/netapp/resource-manager/Microsoft.NetApp/NetApp/preview/2025-09-01-preview/netapp.json @@ -7696,6 +7696,9 @@ "x-ms-examples": { "Buckets_CreateOrUpdate": { "$ref": "./examples/Buckets_CreateOrUpdate.json" + }, + "Buckets_CreateOrUpdateWithAkv": { + "$ref": "./examples/Buckets_CreateOrUpdateWithAkv.json" } }, "x-ms-long-running-operation-options": { @@ -7804,6 +7807,9 @@ "x-ms-examples": { "Buckets_Update": { "$ref": "./examples/Buckets_Update.json" + }, + "Buckets_UpdateWithAkv": { + "$ref": "./examples/Buckets_UpdateWithAkv.json" } }, "x-ms-long-running-operation-options": { @@ -7908,6 +7914,109 @@ "x-ms-long-running-operation": true } }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/capacityPools/{poolName}/volumes/{volumeName}/buckets/{bucketName}/generateAkvCredentials": { + "post": { + "operationId": "Buckets_GenerateAkvCredentials", + "tags": [ + "Buckets" + ], + "description": "Generate the access key and secret key used for accessing the specified volume bucket and store in Azure Key Vault.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "accountName", + "in": "path", + "description": "The name of the NetApp account", + "required": true, + "type": "string", + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\-_]{0,127}$" + }, + { + "name": "poolName", + "in": "path", + "description": "The name of the capacity pool", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 64, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\-_]{0,63}$" + }, + { + "name": "volumeName", + "in": "path", + "description": "The name of the volume", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 64, + "pattern": "^[a-zA-Z][a-zA-Z0-9\\-_]{0,63}$" + }, + { + "name": "bucketName", + "in": "path", + "description": "The name of the bucket", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^([a-z]|(\\d(?!\\d{0,2}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})))([a-z\\d]|(\\.(?!(\\.|-)))|(-(?!\\.))){1,61}[a-z\\d]$" + }, + { + "name": "body", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/BucketCredentialsExpiry" + } + } + ], + "responses": { + "202": { + "description": "Resource operation accepted.", + "headers": { + "Azure-AsyncOperation": { + "type": "string", + "format": "uri", + "description": "A link to the status monitor" + }, + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." + }, + "Retry-After": { + "type": "integer", + "format": "int32", + "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Buckets_GenerateAkvCredentials": { + "$ref": "./examples/Buckets_GenerateAkvCredentials.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation" + }, + "x-ms-long-running-operation": true + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/capacityPools/{poolName}/volumes/{volumeName}/buckets/{bucketName}/generateCredentials": { "post": { "operationId": "Buckets_GenerateCredentials", @@ -7994,6 +8103,100 @@ } } }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/capacityPools/{poolName}/volumes/{volumeName}/buckets/{bucketName}/refreshCertificate": { + "post": { + "operationId": "Buckets_RefreshCertificate", + "tags": [ + "Buckets" + ], + "description": "This operation will fetch the certificate from Azure Key Vault and install it on the bucket server.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "accountName", + "in": "path", + "description": "The name of the NetApp account", + "required": true, + "type": "string", + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\-_]{0,127}$" + }, + { + "name": "poolName", + "in": "path", + "description": "The name of the capacity pool", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 64, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\-_]{0,63}$" + }, + { + "name": "volumeName", + "in": "path", + "description": "The name of the volume", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 64, + "pattern": "^[a-zA-Z][a-zA-Z0-9\\-_]{0,63}$" + }, + { + "name": "bucketName", + "in": "path", + "description": "The name of the bucket", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^([a-z]|(\\d(?!\\d{0,2}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})))([a-z\\d]|(\\.(?!(\\.|-)))|(-(?!\\.))){1,61}[a-z\\d]$" + } + ], + "responses": { + "202": { + "description": "Resource operation accepted.", + "headers": { + "Azure-AsyncOperation": { + "type": "string", + "format": "uri", + "description": "A link to the status monitor" + }, + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." + }, + "Retry-After": { + "type": "integer", + "format": "int32", + "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Buckets_RefreshCertificate": { + "$ref": "./examples/Buckets_RefreshCertificate.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation" + }, + "x-ms-long-running-operation": true + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.NetApp/netAppAccounts/{accountName}/capacityPools/{poolName}/volumes/{volumeName}/deleteReplication": { "post": { "operationId": "Volumes_DeleteReplication", @@ -13273,6 +13476,20 @@ } } }, + "AzureKeyVaultDetails": { + "type": "object", + "description": "Specifies the Azure Key Vault settings. These are used when\na) retrieving the bucket server certificate, and\nb) storing the bucket credentials\n\nNotes:\n\n1. If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property.\n\n2. These properties are mutually exclusive with the server.certificateObject property.", + "properties": { + "certificateAkvDetails": { + "$ref": "#/definitions/CertificateAkvDetails", + "description": "Specifies the Azure Key Vault settings for retrieving the bucket server certificate." + }, + "credentialsAkvDetails": { + "$ref": "#/definitions/CredentialsAkvDetails", + "description": "Specifies the Azure Key Vault settings for storing the bucket credentials." + } + } + }, "Backup": { "type": "object", "description": "Backup under a Backup Vault", @@ -13958,6 +14175,10 @@ "permissions": { "$ref": "#/definitions/BucketPatchPermissions", "description": "Access permissions for the bucket. Either ReadOnly or ReadWrite." + }, + "akvDetails": { + "$ref": "#/definitions/AzureKeyVaultDetails", + "description": "Specifies the Azure Key Vault settings. These are used when\na) retrieving the bucket server certificate, and\nb) storing the bucket credentials\n\nNotes:\n\n1. If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property.\n2. These properties are mutually exclusive with the server.certificateObject property." } } }, @@ -14012,6 +14233,10 @@ } ] } + }, + "akvDetails": { + "$ref": "#/definitions/AzureKeyVaultDetails", + "description": "Specifies the Azure Key Vault settings. These are used when\na) retrieving the bucket server certificate, and\nb) storing the bucket credentials\n\nNotes:\n\n1. If a bucket certificate was previously provided directly using the certificateObject property, it is possible to subsequently use the Azure Key Vault for certificate management by using these 'akvDetails' properties. However, once Azure Key Vault is configured, it is no longer possible to provide the certificate directly via the certificateObject property.\n2. These properties are mutually exclusive with the server.certificateObject property." } } }, @@ -14025,13 +14250,19 @@ }, "certificateObject": { "type": "string", - "description": "A base64-encoded PEM file, which includes both the bucket server's certificate and private key. It is used to authenticate the user and allows access to volume data in a read-only manner.", + "format": "password", + "description": "The base64-encoded contents of a PEM file, which includes both the bucket server's certificate and private key. It is generated by the end user and allows the user to access volume data in a read-only manner.\nNote: This is only used when Azure Key Vault is not configured. This property is mutually exclusive with the Azure Key Vault 'akv' properties.", "minLength": 1, - "maxLength": 10240, + "maxLength": 20480, "x-ms-mutability": [ "update", "create" - ] + ], + "x-ms-secret": true + }, + "onCertificateConflictAction": { + "$ref": "#/definitions/OnCertificateConflictAction", + "description": "Action to take when there is a certificate conflict.\nPossible values include: 'Update', 'Fail'" } } }, @@ -14063,13 +14294,19 @@ }, "certificateObject": { "type": "string", - "description": "A base64-encoded PEM file, which includes both the bucket server's certificate and private key. It is used to authenticate the user and allows access to volume data in a read-only manner.", + "format": "password", + "description": "The base64-encoded contents of a PEM file, which includes both the bucket server's certificate and private key. It is generated by the end user and allows the user to access volume data in a read-only manner.\nNote: This is only used when Azure Key Vault is not configured. This property is mutually exclusive with the Azure Key Vault 'akv' properties.", "minLength": 1, - "maxLength": 10240, + "maxLength": 20480, "x-ms-mutability": [ "update", "create" - ] + ], + "x-ms-secret": true + }, + "onCertificateConflictAction": { + "$ref": "#/definitions/OnCertificateConflictAction", + "description": "Action to take when there is a certificate conflict.\nPossible values include: 'Update', 'Fail'" } } }, @@ -14607,6 +14844,24 @@ } } }, + "CertificateAkvDetails": { + "type": "object", + "description": "Specifies the Azure Key Vault settings for retrieving the bucket server certificate.", + "properties": { + "certificateKeyVaultUri": { + "type": "string", + "format": "uri", + "description": "The base URI of the Azure Key Vault that is used when retrieving the bucket certificate." + }, + "certificateName": { + "type": "string", + "description": "The name of the bucket server certificate stored in the Azure Key Vault.", + "minLength": 1, + "maxLength": 127, + "pattern": "^[a-zA-Z0-9-]{1,127}$" + } + } + }, "ChangeKeyVault": { "type": "object", "description": "Change key vault request", @@ -14945,6 +15200,24 @@ ] } }, + "CredentialsAkvDetails": { + "type": "object", + "description": "Specifies the Azure Key Vault settings for storing the bucket credentials.", + "properties": { + "credentialsKeyVaultUri": { + "type": "string", + "format": "uri", + "description": "The base URI of the Azure Key Vault that is used when storing the bucket credentials." + }, + "secretName": { + "type": "string", + "description": "The name of the secret stored in Azure Key Vault. The associated key pair has the following structure:\n\n{\n\"access_key_id\": \"\",\n\"secret_access_key\": \"\"\n}", + "minLength": 1, + "maxLength": 127, + "pattern": "^[a-zA-Z0-9-]{1,127}$" + } + } + }, "CredentialsStatus": { "type": "string", "description": "The bucket credentials status. There states:\n\n\"NoCredentialsSet\": Access and Secret key pair have not been generated.\n\"CredentialsExpired\": Access and Secret key pair have expired.\n\"Active\": The certificate has been installed and credentials are unexpired.", @@ -18345,6 +18618,30 @@ } } }, + "OnCertificateConflictAction": { + "type": "string", + "description": "This action is triggered when a certificate conflict occurs. A conflict arises if you try to create a new bucket while one or more already exist on the server, or if you update a bucket when multiple buckets are present. This happens because a single certificate is shared among all buckets on the same server.\n\nNote: This applies both to certificates provided directly via the certificateObject property and to those retrieved from Azure Key Vault. Details for the latter case are specified in the akvDetails.certificateAkvDetails section.", + "enum": [ + "Update", + "Fail" + ], + "x-ms-enum": { + "name": "OnCertificateConflictAction", + "modelAsString": true, + "values": [ + { + "name": "Update", + "value": "Update", + "description": "Update the existing certificate regardless of whether there is a conflict or not. This means all buckets on the server will now use the new certificate." + }, + { + "name": "Fail", + "value": "Fail", + "description": "Fail the operation if a conflict occurs, meaning the bucket operation will fail, and the existing certificate will continue to be in use." + } + ] + } + }, "Operation": { "type": "object", "description": "Microsoft.NetApp REST API operation definition.",