arcus-azure/arcus.scripting

Provide script to purge soft-deleted resources

Closed this issue · 9 comments

Is your feature request related to a problem? Please describe.
Currently one cannot purge soft-deleted services via PowerShell, this has to be done via a DELETE operation.
By providing this PS-functionality, one doesn't have to use a tool or script to build the proper request before being able to purge the service.

Describe the solution you'd like
Suggested method:
Remove-AzSoftDeletedService

Parameters:

  • SubscriptionId:
    The Id of the subscription in which the soft-deleted service exists.
  • ServiceType:
    The type of service which is to be purged.
    For example: Microsoft.ApiManagement
  • Location:
    The region where the soft-deleted service was created.
    For example: WestEurope
  • ServiceName:
    The name of the service which is to be purged.
    For example: arcus-dev-we-gateway

Describe alternatives you've considered
The alternative would be to use a tool, such as PostMan, to create the DELETE-request to purge the service.

Additional context
See Microsoft documentation on how to purge a soft-deleted APIM-instance for example: here

The same could be created to recover soft-deleted services:

  • Restore-AzSoftDeletedService

Or to list the soft-deleted services:

  • Get-AzSoftDeletedServices

Open to suggestions as to which "domain" this should belong to.

Maybe this belongs in a 'general' domain like we have one for security and devops.
But great idea!

I was thinking of Arcus.Scripting but that's maybe too general and people won't know directly what it's about. Maybe under something called 'management' or 'resource management'.

I like the idea about Arcus.Scripting.Management :)

@mbraekman what resources are you thinking of to support in this script? Initially just APIM or others as well?

@pim-simons I'd start with APIM and perhaps all of those resource types which are currently supported by 1 or another script within Arcus.
Could easily be extended later on of course.

Did a small inventory of the resource types we support within Arcus, whether or not they support soft-delete, and the current scripting support for purging and recovering.

  1. App Service - Soft-delete not available
  2. Data Factory - Soft-delete not available
  3. Integration Account - Soft-delete not available
  4. KeyVault - Supports soft-delete but there are already PowerShell commands available to purge and restore, see https://docs.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery?tabs=azure-powershell#key-vault-powershell
  5. Logic Apps - Soft-delete not available
  6. SQL - There seems to be some support in the form of Azure Backup, see https://docs.microsoft.com/en-us/azure/backup/soft-delete-sql-saphana-in-azure-vm. There are already PowerShell commands available, see https://docs.microsoft.com/en-us/azure/backup/backup-azure-security-feature-cloud#using-azure-powershell.
  7. Storage Account - Support for soft deleting blobs and containers, there already seem to be PowerShell commands available for blobs, see https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-manage?tabs=dotnet#restore-soft-deleted-blobs-and-directories-by-using-powershell.

I don't see that many resources we can support next to API Management, but maybe I overlooked something and if so please correct me 😉 @mbraekman maybe you have some more insight or ideas about this?

Regarding the naming of the scripts, suggested is Restore-AzSoftDeletedService, Get-AzSoftDeletedServices and Remove-AzSoftDeletedService.
That would mean that if we support multiple resources that could possibly make the script quite large since not every resource has to use the same functionality for purge and recovery. API Management uses this HTTP call to purge: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.ApiManagement/locations/{location}/deletedservices/{serviceName}?api-version=2020-06-01-preview, but I can't really find any other resource that uses the same kind of HTTP call (but again maybe I am overlooking something).

Maybe in that case it would make more sense to have specific PowerShell scripts per resource within the Arcus.Scripting.Management domain, like so: Restore-AzSoftDeletedService-ApiManagement, Get-AzSoftDeletedServices-ApiManagement and Remove-AzSoftDeletedService-ApiManagement.
Any thoughts on that @mbraekman?

Aha, ok, that needs to be checked indeed. Maybe we should indeed split it by resource, then. Maybe also cleaner for consumers, that way. Otherwise, you can't see what kind of resource is being changed.
Naming afterwards can be discussed. Our current functions all use this Azure pattern: Something-AzResourceType..., so maybe this should be Restore-AzApiManagementSoftDeletedService. But, again, that's future music 😉.

AMAZING job, @pim-simons, in investigating this. Probably a bunch of work. 🥇

Restore-AzApiManagementSoftDeletedService and Remove-AzApiManagementSoftDeletedService within Arcus.Scripting.Management seems like a good naming solution 😎
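
A sketch of the purge function discussed in this thread, added here as an example and not the Arcus project's own code: it issues the DELETE call quoted above through `Invoke-AzRestMethod` from the Az.Accounts module, under the name the thread settled on. The parameter names, the validation patterns, the existence check and the 2xx success handling are assumptions made for illustration; because a purge is irreversible, the function supports `-WhatIf` and asks for confirmation.

```powershell
#Requires -Modules Az.Accounts

function Remove-AzApiManagementSoftDeletedService {
    # ConfirmImpact 'High' makes PowerShell prompt before the irreversible purge.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Validation patterns are conservative assumptions; they keep stray
        # characters such as '/' or '?' out of the request path.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')]
        [string] $SubscriptionId,

        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9]+$')]
        [string] $Location,

        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]{0,49}$')]
        [string] $ServiceName,

        # API version taken from the URL quoted in the thread.
        [string] $ApiVersion = '2020-06-01-preview'
    )

    $path = '/subscriptions/{0}/providers/Microsoft.ApiManagement/locations/{1}/deletedservices/{2}?api-version={3}' -f
        $SubscriptionId, $Location, $ServiceName, $ApiVersion

    # Check that the target really is a soft-deleted service before purging it.
    $lookup = Invoke-AzRestMethod -Path $path -Method GET
    if ($lookup.StatusCode -ne 200) {
        throw "No soft-deleted API Management service '$ServiceName' found in '$Location' (HTTP $($lookup.StatusCode))."
    }

    if ($PSCmdlet.ShouldProcess("$ServiceName ($Location)", 'Permanently purge soft-deleted API Management service')) {
        $response = Invoke-AzRestMethod -Path $path -Method DELETE
        # Any 2xx status is treated as success here (assumption).
        if ($response.StatusCode -lt 200 -or $response.StatusCode -ge 300) {
            throw "Purge failed with HTTP $($response.StatusCode): $($response.Content)"
        }
        Write-Verbose "Purge request accepted (HTTP $($response.StatusCode))."
    }
}
```

Running it with `-WhatIf` against the example values from the issue (`-Location WestEurope -ServiceName arcus-dev-we-gateway`) performs the lookup but sends no DELETE.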