tombuildsstuff · manicminer · Feb 20, 2024 · Feb 8, 2024
diff --git a/storage/2023-11-03/blob/blobs/append_block.go b/storage/2023-11-03/blob/blobs/append_block.go
@@ -14,7 +14,6 @@ import (
 )
 
 type AppendBlockInput struct {
-
 	// A number indicating the byte offset to compare.
 	// Append Block will succeed only if the append position is equal to this number.
 	// If it is not, the request will fail with an AppendPositionConditionNotMet
@@ -43,6 +42,9 @@ type AppendBlockInput struct {
 	// Required if the blob has an active lease.
 	// To perform this operation on a blob with an active lease, specify the valid lease ID for this header.
 	LeaseID *string
+
+	// The encryption scope to set for the request content.
+	EncryptionScope *string
 }
 
 type AppendBlockResponse struct {
@@ -147,6 +149,9 @@ func (a appendBlockOptions) ToHeaders() *client.Headers {
 	if a.input.LeaseID != nil {
 		headers.Append("x-ms-lease-id", *a.input.LeaseID)
 	}
+	if a.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *a.input.EncryptionScope)
+	}
 	if a.input.Content != nil {
 		headers.Append("Content-Length", strconv.Itoa(len(*a.input.Content)))
 	}

diff --git a/storage/2023-11-03/blob/blobs/copy.go b/storage/2023-11-03/blob/blobs/copy.go
@@ -103,6 +103,9 @@ type CopyInput struct {
 	// If the source blob has been modified, the Blob service returns status code 412 (Precondition Failed).
 	// This header cannot be specified if the source is an Azure File.
 	SourceIfUnmodifiedSince *string
+
+	// The encryption scope to set for the request content.
+	EncryptionScope *string
 }
 
 type CopyResponse struct {
@@ -217,6 +220,10 @@ func (c copyOptions) ToHeaders() *client.Headers {
 		headers.Append("x-ms-source-if-unmodified-since", *c.input.SourceIfUnmodifiedSince)
 	}
 
+	if c.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *c.input.EncryptionScope)
+	}
+
 	headers.Merge(metadata.SetMetaDataHeaders(c.input.MetaData))
 
 	return headers

diff --git a/storage/2023-11-03/blob/blobs/properties_get.go b/storage/2023-11-03/blob/blobs/properties_get.go
@@ -158,6 +158,9 @@ type GetPropertiesResponse struct {
 
 	// Is the Storage Account encrypted using server-side encryption? This should always return true
 	ServerEncrypted bool
+
+	// The encryption scope for the request content.
+	EncryptionScope string
 }
 
 // GetProperties returns all user-defined metadata, standard HTTP properties, and system properties for the blob
@@ -223,6 +226,7 @@ func (c Client) GetProperties(ctx context.Context, containerName, blobName strin
 			result.LeaseDuration = LeaseDuration(resp.Header.Get("x-ms-lease-duration"))
 			result.LeaseState = LeaseState(resp.Header.Get("x-ms-lease-state"))
 			result.LeaseStatus = LeaseStatus(resp.Header.Get("x-ms-lease-status"))
+			result.EncryptionScope = resp.Header.Get("x-ms-encryption-scope")
 			result.MetaData = metadata.ParseFromHeaders(resp.Header)
 
 			if v := resp.Header.Get("x-ms-access-tier-inferred"); v != "" {

diff --git a/storage/2023-11-03/blob/blobs/put_append_blob.go b/storage/2023-11-03/blob/blobs/put_append_blob.go
@@ -19,6 +19,7 @@ type PutAppendBlobInput struct {
 	ContentMD5         *string
 	ContentType        *string
 	LeaseID            *string
+	EncryptionScope    *string
 	MetaData           map[string]string
 }
 
@@ -110,6 +111,9 @@ func (p putAppendBlobOptions) ToHeaders() *client.Headers {
 	if p.input.LeaseID != nil {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
 
 	headers.Merge(metadata.SetMetaDataHeaders(p.input.MetaData))
 	return headers

diff --git a/storage/2023-11-03/blob/blobs/put_block.go b/storage/2023-11-03/blob/blobs/put_block.go
@@ -12,10 +12,11 @@ import (
 )
 
 type PutBlockInput struct {
-	BlockID    string
-	Content    []byte
-	ContentMD5 *string
-	LeaseID    *string
+	BlockID         string
+	Content         []byte
+	ContentMD5      *string
+	LeaseID         *string
+	EncryptionScope *string
 }
 
 type PutBlockResponse struct {
@@ -101,6 +102,9 @@ func (p putBlockOptions) ToHeaders() *client.Headers {
 	if p.input.LeaseID != nil {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
 
 	return headers
 }

diff --git a/storage/2023-11-03/blob/blobs/put_block_blob.go b/storage/2023-11-03/blob/blobs/put_block_blob.go
@@ -21,6 +21,7 @@ type PutBlockBlobInput struct {
 	ContentMD5         *string
 	ContentType        *string
 	LeaseID            *string
+	EncryptionScope    *string
 	MetaData           map[string]string
 }
 
@@ -121,6 +122,9 @@ func (p putBlockBlobOptions) ToHeaders() *client.Headers {
 	if p.input.LeaseID != nil {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
 	if p.input.Content != nil {
 		headers.Append("Content-Length", strconv.Itoa(len(*p.input.Content)))
 	}

diff --git a/storage/2023-11-03/blob/blobs/put_block_list.go b/storage/2023-11-03/blob/blobs/put_block_list.go
@@ -29,8 +29,9 @@ type PutBlockListInput struct {
 	ContentLanguage    *string
 	ContentMD5         *string
 	ContentType        *string
-	MetaData           map[string]string
 	LeaseID            *string
+	EncryptionScope    *string
+	MetaData           map[string]string
 }
 
 type PutBlockListResponse struct {
@@ -130,6 +131,9 @@ func (p putBlockListOptions) ToHeaders() *client.Headers {
 	if p.input.LeaseID != nil {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
 
 	headers.Merge(metadata.SetMetaDataHeaders(p.input.MetaData))
 

diff --git a/storage/2023-11-03/blob/blobs/put_block_url.go b/storage/2023-11-03/blob/blobs/put_block_url.go
@@ -14,9 +14,10 @@ type PutBlockFromURLInput struct {
 	BlockID    string
 	CopySource string
 
-	ContentMD5 *string
-	LeaseID    *string
-	Range      *string
+	ContentMD5      *string
+	LeaseID         *string
+	Range           *string
+	EncryptionScope *string
 }
 
 type PutBlockFromURLResponse struct {
@@ -103,6 +104,9 @@ func (p putBlockUrlOptions) ToHeaders() *client.Headers {
 	if p.input.Range != nil {
 		headers.Append("x-ms-source-range", *p.input.Range)
 	}
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
 	return headers
 }
 

diff --git a/storage/2023-11-03/blob/blobs/put_page_blob.go b/storage/2023-11-03/blob/blobs/put_page_blob.go
@@ -20,6 +20,7 @@ type PutPageBlobInput struct {
 	ContentMD5         *string
 	ContentType        *string
 	LeaseID            *string
+	EncryptionScope    *string
 	MetaData           map[string]string
 
 	BlobContentLengthBytes int64
@@ -137,6 +138,10 @@ func (p putPageBlobOptions) ToHeaders() *client.Headers {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
 
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
+
 	headers.Merge(metadata.SetMetaDataHeaders(p.input.MetaData))
 	return headers
 }

diff --git a/storage/2023-11-03/blob/blobs/put_page_clear.go b/storage/2023-11-03/blob/blobs/put_page_clear.go
@@ -14,7 +14,8 @@ type PutPageClearInput struct {
 	StartByte int64
 	EndByte   int64
 
-	LeaseID *string
+	LeaseID         *string
+	EncryptionScope *string
 }
 
 type PutPageClearResponse struct {
@@ -91,6 +92,10 @@ func (p putPageClearOptions) ToHeaders() *client.Headers {
 	if p.input.LeaseID != nil {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
+
 	return headers
 }
 

diff --git a/storage/2023-11-03/blob/blobs/put_page_update.go b/storage/2023-11-03/blob/blobs/put_page_update.go
@@ -26,6 +26,7 @@ type PutPageUpdateInput struct {
 	IfMatch            *string
 	IfNoneMatch        *string
 	LeaseID            *string
+	EncryptionScope    *string
 }
 
 type PutPageUpdateResponse struct {
@@ -124,6 +125,10 @@ func (p putPageUpdateOptions) ToHeaders() *client.Headers {
 		headers.Append("x-ms-lease-id", *p.input.LeaseID)
 	}
 
+	if p.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *p.input.EncryptionScope)
+	}
+
 	if p.input.IfSequenceNumberEQ != nil {
 		headers.Append("x-ms-if-sequence-number-eq", *p.input.IfSequenceNumberEQ)
 	}

diff --git a/storage/2023-11-03/blob/blobs/snapshot.go b/storage/2023-11-03/blob/blobs/snapshot.go
@@ -16,6 +16,9 @@ type SnapshotInput struct {
 	// This must be specified if a Lease is present on the Blob, else a 403 is returned
 	LeaseID *string
 
+	// The encryption scope to set for the request content.
+	EncryptionScope *string
+
 	// MetaData is a user-defined name-value pair associated with the blob.
 	// If no name-value pairs are specified, the operation will copy the base blob metadata to the snapshot.
 	// If one or more name-value pairs are specified, the snapshot is created with the specified metadata,
@@ -120,6 +123,10 @@ func (s snapshotOptions) ToHeaders() *client.Headers {
 		headers.Append("x-ms-lease-id", *s.input.LeaseID)
 	}
 
+	if s.input.EncryptionScope != nil {
+		headers.Append("x-ms-encryption-scope", *s.input.EncryptionScope)
+	}
+
 	if s.input.IfModifiedSince != nil {
 		headers.Append("If-Modified-Since", *s.input.IfModifiedSince)
 	}

diff --git a/storage/2023-11-03/blob/containers/create.go b/storage/2023-11-03/blob/containers/create.go
@@ -14,6 +14,12 @@ type CreateInput struct {
 	// Specifies whether data in the container may be accessed publicly and the level of access
 	AccessLevel AccessLevel
 
+	// The encryption scope to set as the default on the container.
+	DefaultEncryptionScope string
+
+	// Setting this to ture indicates that every blob that's uploaded to this container uses the default encryption scope.
+	EncryptionScopeOverrideDisabled bool
+
 	// A name-value pair to associate with the container as metadata.
 	MetaData map[string]string
 }
@@ -42,8 +48,7 @@ func (c Client) Create(ctx context.Context, containerName string, input CreateIn
 		},
 		HttpMethod: http.MethodPut,
 		OptionsObject: createOptions{
-			accessLevel: input.AccessLevel,
-			metaData:    input.MetaData,
+			input: input,
 		},
 		Path: fmt.Sprintf("/%s", containerName),
 	}
@@ -70,18 +75,23 @@ func (c Client) Create(ctx context.Context, containerName string, input CreateIn
 var _ client.Options = createOptions{}
 
 type createOptions struct {
-	accessLevel AccessLevel
-	metaData    map[string]string
+	input CreateInput
 }
 
 func (o createOptions) ToHeaders() *client.Headers {
 	headers := containerOptions{
-		metaData: o.metaData,
+		metaData: o.input.MetaData,
 	}.ToHeaders()
 
 	// If this header is not included in the request, container data is private to the account owner.
-	if o.accessLevel != Private {
-		headers.Append("x-ms-blob-public-access", string(o.accessLevel))
+	if o.input.AccessLevel != Private {
+		headers.Append("x-ms-blob-public-access", string(o.input.AccessLevel))
+	}
+
+	if o.input.DefaultEncryptionScope != "" {
+		// These two headers must be used together.
+		headers.Append("x-ms-default-encryption-scope", o.input.DefaultEncryptionScope)
+		headers.Append("x-ms-deny-encryption-scope-override", fmt.Sprintf("%t", o.input.EncryptionScopeOverrideDisabled))
 	}
 
 	return headers

diff --git a/storage/2023-11-03/blob/containers/get_properties.go b/storage/2023-11-03/blob/containers/get_properties.go
@@ -51,6 +51,7 @@ func (c Client) GetProperties(ctx context.Context, containerName string, input G
 		result.HttpResponse = resp.Response
 
 		if resp.Header != nil {
+			result.DefaultEncryptionScope = resp.Header.Get("x-ms-default-encryption-scope")
 			result.LeaseStatus = LeaseStatus(resp.Header.Get("x-ms-lease-status"))
 			result.LeaseState = LeaseState(resp.Header.Get("x-ms-lease-state"))
 			if result.LeaseStatus == Locked {
@@ -67,8 +68,10 @@ func (c Client) GetProperties(ctx context.Context, containerName string, input G
 			}
 
 			// we can't necessarily use strconv.ParseBool here since this could be nil (only in some API versions)
+			result.EncryptionScopeOverrideDisabled = strings.EqualFold(resp.Header.Get("x-ms-deny-encryption-scope-override"), "true")
 			result.HasImmutabilityPolicy = strings.EqualFold(resp.Header.Get("x-ms-has-immutability-policy"), "true")
 			result.HasLegalHold = strings.EqualFold(resp.Header.Get("x-ms-has-legal-hold"), "true")
+
 			result.MetaData = metadata.ParseFromHeaders(resp.Header)
 		}
 	}

diff --git a/storage/2023-11-03/blob/containers/models.go b/storage/2023-11-03/blob/containers/models.go
@@ -19,13 +19,15 @@ var (
 )
 
 type ContainerProperties struct {
-	AccessLevel           AccessLevel
-	LeaseStatus           LeaseStatus
-	LeaseState            LeaseState
-	LeaseDuration         *LeaseDuration
-	MetaData              map[string]string
-	HasImmutabilityPolicy bool
-	HasLegalHold          bool
+	AccessLevel                     AccessLevel
+	DefaultEncryptionScope          string
+	EncryptionScopeOverrideDisabled bool
+	LeaseStatus                     LeaseStatus
+	LeaseState                      LeaseState
+	LeaseDuration                   *LeaseDuration
+	MetaData                        map[string]string
+	HasImmutabilityPolicy           bool
+	HasLegalHold                    bool
 }
 
 type Dataset string