[Storage]Support set Table/Queue Encyrption Keytype in Create Storage Account

src/Storage/Storage.Management.Test/ScenarioTests/StorageAccountTests.cs

@@ -197,5 +197,12 @@ public void TestNewSetAzureStorageAccount_LargeFileShare()
         {
             TestRunner.RunTestScript("Test-NewSetAzureStorageAccount_LargeFileShare");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestNewAzureStorageAccountQueueTableEncrytionKeyType()
+        {
+            TestRunner.RunTestScript("Test-NewAzureStorageAccountQueueTableEncrytionKeyType");
+        }
     }
 }

src/Storage/Storage.Management.Test/ScenarioTests/StorageAccountTests.ps1

@@ -1289,4 +1289,46 @@ function Test-NewSetAzureStorageAccount_LargeFileShare
         # Cleanup
         Clean-ResourceGroup $rgname
     }
+}
+
+<#
+.SYNOPSIS
+Test Test-NewAzureStorageAccountQueueTableEncrytionKeyType
+.DESCRIPTION
+SmokeTest
+#>
+function Test-NewAzureStorageAccountQueueTableEncrytionKeyType
+{
+    # Setup
+    $rgname = Get-StorageManagementTestResourceName;
+
+    try
+    {
+        # Test
+        $stoname = 'sto' + $rgname;
+        $stotype = 'Standard_LRS';
+        $loc = Get-ProviderLocation_Canary ResourceManagement;
+        $kind = 'StorageV2'
+
+        New-AzResourceGroup -Name $rgname -Location $loc;
+        Write-Output ("Resource Group created")
+
+		# new account
+        New-AzStorageAccount -ResourceGroupName $rgname -Name $stoname -Location $loc -SkuName $stotype -EncryptionKeyTypeForTable Service -EncryptionKeyTypeForQueue Service
+
+        Retry-IfException { $global:sto = Get-AzStorageAccount -ResourceGroupName $rgname -Name $stoname; }
+        Assert-AreEqual $stoname $sto.StorageAccountName;
+        Assert-AreEqual $stotype $sto.Sku.Name;
+        Assert-AreEqual $loc.ToLower().Replace(" ", "") $sto.Location;
+        Assert-AreEqual $kind $sto.Kind;
+        Assert-AreEqual "Account" $sto.Encryption.Services.Blob.KeyType
+        Assert-AreEqual "Account" $sto.Encryption.Services.File.KeyType
+
+        Remove-AzStorageAccount -Force -ResourceGroupName $rgname -Name $stoname;
+    }
+    finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
 }

src/Storage/Storage.Management.Test/Storage.Management.Test.csproj

@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Azure.Management.Storage" Version="14.2.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Storage" Version="14.3.0" />
   </ItemGroup>
 
 </Project>

src/Storage/Storage.Management/ChangeLog.md

@@ -18,6 +18,8 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Support set Table/Queue Encyrption Keytype in Create Storage Account
+	- New-AzRmStorageAccount
 * Add breaking change warning message for DefaultAction Value change in a future release
     - Update-AzStorageAccountNetworkRuleSet
 

src/Storage/Storage.Management/Storage.Management.csproj

@@ -14,10 +14,10 @@
     <RootNamespace>$(LegacyAssemblyPrefix)$(PsModuleName)</RootNamespace>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.Azure.Management.Storage" Version="14.2.0" />
-    <PackageReference Include="Microsoft.Azure.Storage.Blob" Version="11.2.0-Release-jenkins-dotnet-nuget-231" />
-    <PackageReference Include="Microsoft.Azure.Storage.File" Version="11.2.0-Release-jenkins-dotnet-nuget-231" />
-    <PackageReference Include="Microsoft.Azure.Storage.Queue" Version="11.2.0-Release-jenkins-dotnet-nuget-231" />
+    <PackageReference Include="Microsoft.Azure.Management.Storage" Version="14.3.0" />
+    <PackageReference Include="Microsoft.Azure.Storage.Blob" Version="11.1.0" />
+    <PackageReference Include="Microsoft.Azure.Storage.File" Version="11.1.0" />
+    <PackageReference Include="Microsoft.Azure.Storage.Queue" Version="11.1.0" />
   </ItemGroup>
   <ItemGroup>
     <Compile Include="$(StorageToolsPath)Adapters\ARM.Storage.6\ARMStorageProvider.cs" Link="Common\ARMStorageProvider.cs" />

src/Storage/Storage.Management/StorageAccount/NewAzureStorageAccount.cs

@@ -260,6 +260,18 @@ public bool EnableActiveDirectoryDomainServicesForFile
         [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
         public SwitchParameter AsJob { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Set the Encryption KeyType for Table. -Account, Table will be encrypted with account-scoped encryption key. -Service, Table will always be encrypted with Service-Managed keys. The default value is Service.")]
+        [ValidateSet(StorageModels.KeyType.Service, 
+            StorageModels.KeyType.Account, 
+            IgnoreCase = true)]
+        public string EncryptionKeyTypeForTable { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Set the Encryption KeyType for Queue. -Account, Queue will be encrypted with account-scoped encryption key. -Service, Queue will always be encrypted with Service-Managed keys. The default value is Service.")]
+        [ValidateSet(StorageModels.KeyType.Service,
+            StorageModels.KeyType.Account,
+            IgnoreCase = true)]
+        public string EncryptionKeyTypeForQueue { get; set; }
+
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -356,6 +368,20 @@ public override void ExecuteCmdlet()
             {
                 createParameters.LargeFileSharesState = LargeFileSharesState.Enabled;
             }
+            if(this.EncryptionKeyTypeForQueue != null || this.EncryptionKeyTypeForTable != null)
+            {
+                createParameters.Encryption = new Encryption();
+                createParameters.Encryption.KeySource = KeySource.MicrosoftStorage;
+                createParameters.Encryption.Services = new EncryptionServices();
+                if (this.EncryptionKeyTypeForQueue != null)
+                {
+                    createParameters.Encryption.Services.Queue = new EncryptionService(keyType: this.EncryptionKeyTypeForQueue);
+                }
+                if (this.EncryptionKeyTypeForTable != null)
+                {
+                    createParameters.Encryption.Services.Table = new EncryptionService(keyType: this.EncryptionKeyTypeForTable);
+                }
+            }
 
             var createAccountResponse = this.StorageClient.StorageAccounts.Create(
                 this.ResourceGroupName,

src/Storage/Storage.Management/help/New-AzStorageAccount.md

@@ -19,7 +19,8 @@ New-AzStorageAccount [-ResourceGroupName] <String> [-Name] <String> [-SkuName] <
  [-Kind <String>] [-AccessTier <String>] [-CustomDomainName <String>] [-UseSubDomain <Boolean>]
  [-Tag <Hashtable>] [-EnableHttpsTrafficOnly <Boolean>] [-AssignIdentity] [-NetworkRuleSet <PSNetworkRuleSet>]
  [-EnableHierarchicalNamespace <Boolean>] [-EnableAzureActiveDirectoryDomainServicesForFile <Boolean>]
- [-EnableLargeFileShare] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-EnableLargeFileShare] [-AsJob] [-EncryptionKeyTypeForTable <String>] [-EncryptionKeyTypeForQueue <String>]
+ [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ### ActiveDirectoryDomainServicesForFile
@@ -100,6 +101,13 @@ PS C:\>New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "m
 
 This command creates a Storage account withenable Files Active Directory Domain Service Authentication.
 
+### Example 8: Create a Storage account with Queue and Table Service use account-scoped encryption key.
+```
+PS C:\>New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -AccountName "mystorageaccount" -Location "eastus2euap" -SkuName "Standard_LRS" -Kind StorageV2  -EncryptionKeyTypeForTable Account -EncryptionKeyTypeForQueue Account
+```
+
+This command creates a Storage account with Queue and Table Service use account-scoped encryption key, so Queue and Table will use same encryption key with Blob and File service. 
+
 ## PARAMETERS
 
 ### -AccessTier
@@ -351,6 +359,42 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EncryptionKeyTypeForQueue
+Set the Encryption KeyType for Queue. The default value is Service.
+-Account: Queue will be encrypted with account-scoped encryption key. 
+-Service: Queue will always be encrypted with Service-Managed keys. 
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+Accepted values: Service, Account
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -EncryptionKeyTypeForTable
+Set the Encryption KeyType for Table. The default value is Service.
+- Account: Table will be encrypted with account-scoped encryption key. 
+- Service: Table will always be encrypted with Service-Managed keys. 
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+Accepted values: Service, Account
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EnableLargeFileShare
 Indicates whether or not the storage account can support large file shares with more than 5 TiB capacity. 
 Once the account is enabled, the feature cannot be disabled.