Develop Reference

Get list of files from az blob container, then grab all

Using the az cli within an azvm, I want to be able to list all the files within a specific container blob and then download those files. Let's say I have a container 'top' and then it has several subdirectories such as:
top/sub1/sub2/sub3/
Where in the folder sub3, there are multiple files. I would like to:
List all the files in sub3, and then
Retrieve all of the files in sub3 through the az cli.
I can only list the contents within 'top' with the command:
az storage container list --account-key ${key} --account-name top --query "[].{Name:name}" --output table

az storage container list --> is used to list the containers inside a storage account.
Based on the shared information, we have understood that you are trying to list the blob under the subdirectories(sub1/sub2/sub3) inside a contianer top then you need to use az storage blob directory list cmdlet which is used to List blobs and blob subdirectories in a storage directory.
To test this we have created a storage account with one container (top) and having multiple subdirectories(sub1/sub2/sub3) and we have used the below cmdlet to list the blob inside them.
az storage blob directory list -c top -d sub1/sub2/sub3 --account-name <storageAccountName> --query [].name -o table
Here is the sample output for reference:
Reference documentation for more information about az storage blob directory list cmdlet.

Azure CLI - How to find available 'endpoints' from an account key?

I have an account key and corresponding account name. How can I find the storage options it has?
Using:
az storage account list
retrieves the accounts that my subscription has access to, and I get the access points:
"primaryEndpoints": {
"blob": "https://MYACCOUNT.blob.core.windows.net/",
"dfs": "https://MYACCOUNT.dfs.core.windows.net/",
"file": "https://MYACCOUNT.file.core.windows.net/",
"internetEndpoints": null,
"microsoftEndpoints": null,
"queue": "https://MYACCOUNT.queue.core.windows.net/",
"table": "https://MYACCOUNT.table.core.windows.net/",
"web": "https://MYACCOUNT.z6.web.core.windows.net/"
}
I want to obtain a similar endpoint for an account for which I have an account key, how to do this?
Then, if there is a 'blob' access point, I know that I can call:
az storage fs list --account-name "MYACCOUNT" --account-key "MYKEY"
to get the list of blob containers.
Bonus question: how to know whether the key is for a Gen1 or Gen2 type account?

I have an account key and corresponding account name. How can I find the storage options it has? (question from user)
If you are using the cli , you need to connect to the subscription where the storage account is present & run the below commnads to show list of storage options/access endpoints & properities of that particular storage without using the account key.
az login
az account set --subscription
az storage account show --Name "accountname" --resource-group "resource-groupname"
As per the documentation the cmdlets "az storage fs" are used to manage the file systems in azure data lake storage gen2 account.
Azure don't have any mechanism to identify a storage account generations using access key generally When you create a storage account, Azure generates two 512-bit storage account access keys. These keys can be used to authorize access to data in your storage account via Shared Key authorization.
Alternatively, you can use Azure storage explorer from (Portal/Desktop version) to check the storage options and type of storage account it is as shown in below image if the HNS value of the storage account is true then it is a ADLS gen2 account.

Using Azure Cli , and use --query parameter to filter result
az storage account show --name $storage_account_name --resource-group $ResourceGroup

Delete Azure storage blob given a URI

I am working on a cleanup script that deletes an Azure image and its underlying storage blob. I can find the storage blob for my image with this command:
az image list --query "[?name=='$IMAGE_NAME'] | [].storageProfile.osDisk.blobUri"
(This is bash, so $IMAGE_NAME gets replaced with the actual image name). The output of the above command is a JSON list of URIs, each looking something like this:
https://storage_account.blob.core.windows.net/container_name/blob_name.vhd
Looking at the documentation for az storage blob delete, I can tell that this blob can be deleted with a command like this:
az storage blob delete --account-name storage_account --container container_name --name blob_name.vhd
So, obviously I can parse the URI and then generate this command. However, this seems odd: what's the point of giving blobs a URI if you can't use them?
So my question is:
Is there a direct az cli command to delete a blob by using its URI?
Better yet, is there a way to delete the blob associated with a given Azure image?

There is no built-in CLI command to delete with blob url directly. There is a workaround to use az rest to call the Delete Blob REST API.
access_token = $(az account get-access-token --resource https://storage.azure.com/ --query accessToken -o tsv)
now = $(env LANG=en_US TZ=GMT date '+%a, %d %b %Y %T %Z')
headers = "Authorization=Bearer "+$access_token+" x-ms-date="+$now+" x-ms-version=2020-08-04"
az rest --method delete --uri $blob_url --headers $headers

How to enable/disable staticwebsite on blob service using script

In order to programmatically automate enablement of the static website on blob service. What should be the property field allowed? I am unable to find something similar to this Microsoft.Storage/storageAccounts/blobService/staticWebsite.
Can anyone help me with this?

Indeed, you can do so with some Azure CLI commands.
# To query the current status of the property
az storage blob service-properties show --account-name <your-storage-account> --query 'staticWebsite.enabled'
To set toggle the staticWebsite.enabled property, you can use the az storage blob service-properties update command as follows:
az storage blob service-properties update --account-name <your-storage-account> --static-website
The Azure PowerShell equivalents for the above would be the Enable-AzStorageStaticWebsite and Disable-AzStorageStaticWebsite cmdlets.

Azure SAS for one container

I am able to generate SAS token for the storage account from the Azure portal but the problem which I am facing is explained below-
Storage account consists of two Containers. One container file has to be given access for the users whom I will provide the SAS token and one container should be completely private means user cannot see this container.
Problem is if I am generating SAS token and login into Azure explorer using that SAS token,I am seeing both the containers but my requirement is to see only 1 container. Is there any way to give permission for only one container by generating SAS token using Azure portal without creating any custom application for generating these tokens.

Easiest way to do that would be to use powershell:
Set-AzureRmStorageAccount -Name 'name'
$sasToken = New-AzureStorageContainerSASToken -Permission r -ExpiryTime (Get-Date).AddHours(2.0) -Name 'container name'
you could issue this command with -debug switch, capture the rest call and use that call to mimic it, using arm client, or custom app or whatever.

The Azure CLI alternative:
az storage container generate-sas --account-name ACCOUNT_NAME --account-key ACCOUNT_KEY --https-only --expiry 'YYYY-MM-DD' --name CONTAINER_NAME --permissions r
Valid permissions: (a)dd (c)reate (d)elete (l)ist (r)ead (w)rite
For more information, check out: az storage container generate-sas -h