[Storage] az storage account create/update: Add breaking change warning for --min-tls-version values tls1_0 and tls1_1 (#32652)

Author: calvinhzy

src/azure-cli/azure/cli/command_modules/storage/_breaking_change.py

@@ -0,0 +1,14 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+from azure.cli.core.breaking_change import register_other_breaking_change
+
+# --min-tls-version removing version 1.0 1.1
+register_other_breaking_change('storage account create',
+                               message='The --min-tls-version argument values TLS1_0 and TLS1_1 have been retired on'
+                                       ' 2026/02/03 and will be removed on 2026/03/03.')
+register_other_breaking_change('storage account update',
+                               message='The --min-tls-version argument values TLS1_0 and TLS1_1 have been retired on'
+                                       ' 2026/02/03 and will be removed on 2026/03/03.')

src/azure-cli/azure/cli/command_modules/storage/_params.py

@@ -390,8 +390,8 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
                    'public access setting for a container is required to enable anonymous access.')
         c.argument('min_tls_version', arg_type=get_enum_type(t_tls_version),
                    help='The minimum TLS version to be permitted on requests to storage. '
-                        'While the default setting is TLS 1.0 for this property, '
-                        'Microsoft recommends setting MinimumTlsVersion to 1.2 or above.')
+                        ' Values TLS1_0 and TLS1_1 have been retired on 2026/02/03 and will be removed on 2026/03/03.'
+                        ' Microsoft recommends setting MinimumTlsVersion to TLS1_2')
         c.argument('allow_shared_key_access', allow_shared_key_access_type)
         c.argument('edge_zone', edge_zone_type)
         c.argument('identity_type', arg_type=get_enum_type(t_identity_type), arg_group='Identity',
@@ -509,8 +509,8 @@ def load_arguments(self, _):  # pylint: disable=too-many-locals, too-many-statem
                    'public access setting for a container is required to enable anonymous access.')
         c.argument('min_tls_version', arg_type=get_enum_type(t_tls_version),
                    help='The minimum TLS version to be permitted on requests to storage. '
-                        'While the default setting is TLS 1.0 for this property, '
-                        'Microsoft recommends setting MinimumTlsVersion to 1.2 or above.')
+                        ' Values TLS1_0 and TLS1_1 have been retired on 2026/02/03 and will be removed on 2026/03/03.'
+                        ' Microsoft recommends setting MinimumTlsVersion to TLS1_2')
         c.argument('allow_shared_key_access', allow_shared_key_access_type)
         c.argument('identity_type', arg_type=get_enum_type(t_identity_type), arg_group='Identity',
                    help='The identity type.')

src/azure-cli/azure/cli/command_modules/storage/operations/account.py

@@ -261,6 +261,9 @@ def create_storage_account(cmd, resource_group_name, account_name, sku=None, loc
         params.encryption.require_infrastructure_encryption = require_infrastructure_encryption
 
     if min_tls_version:
+        if min_tls_version in ['TLS1_0', 'TLS1_1']:
+            logger.warning('TLS 1.0 and TLS 1.1 have been retired on 2026/02/03, will use TLS 1.2 instead.')
+            min_tls_version = 'TLS1_2'
         params.minimum_tls_version = min_tls_version
 
     if allow_shared_key_access is not None:
@@ -680,7 +683,11 @@ def update_storage_account(cmd, instance, sku=None, tags=None, custom_domain=Non
 
     if allow_blob_public_access is not None:
         params.allow_blob_public_access = allow_blob_public_access
+
     if min_tls_version:
+        if min_tls_version in ['TLS1_0', 'TLS1_1']:
+            logger.warning('TLS 1.0 and TLS 1.1 have been retired on 2026/02/03, will use TLS 1.2 instead.')
+            min_tls_version = 'TLS1_2'
         params.minimum_tls_version = min_tls_version
 
     if allow_shared_key_access is not None: