Provide script to purge soft-deleted resources
Closed this issue ยท 9 comments
Is your feature request related to a problem? Please describe.
Currently one cannot purge soft-deleted services via PowerShell, this has to be done via a DELETE operation.
By providing this PS-functionality, one doesn't have to use a tool or script to build the proper request before being able to purge the service.
Describe the solution you'd like
Suggested method:
Remove-AzSoftDeletedService
Parameters:
- SubscriptionId:
The Id of the subscription in which the soft-deleted service exists. - ServiceType:
The type of service which is to be purged.
For example: Microsoft.ApiManagement - Location:
The region where the soft-deleted service was created.
For example: WestEurope - ServiceName:
The name of the service which is to be purged.
For example: arcus-dev-we-gateway
Describe alternatives you've considered
The alternative would be to use a tool, such as PostMan, to create the DELETE-request to purge the service.
Additional context
See Microsoft documentation on how to purge a soft-deleted APIM-instance for example: here
The same could be created to recover soft-deleted services:
Restore-AzSoftDeletedService
Or to list the soft-deleted services:
Get-AzSoftDeletedServices
Open to suggestions as to which "domain" this should belong to.
Maybe this belongs in a 'general' domain like we have one for security and devops.
But great idea!
I was thinking of Arcus.Scripting
but that's maybe to general and people won't know directly what's about. Maybe under something called 'management' or 'resource management'.
Maybe this belongs in a 'general' domain like we have one for security and devops. But great idea!
I was thinking of
Arcus.Scripting
but that's maybe to general and people won't know directly what's about. Maybe under something called 'management' or 'resource management'.
I like the idea about Arcus.Scripting.Management :)
@mbraekman what resources are you thinking of to support in this script? Initially just APIM or others as well?
@pim-simons I'd start with APIM and perhaps all of those resource types which are currently supported by 1 or another script within Arcus.
Could easily be extended later on of course.
Did a small inventorisation of the resource types we support within Arcus and whether or not they support soft-delete and the current scripting support for purging and recovering.
- App Service - Soft-delete not available
- Data Factory - Soft-delete not available
- Integration Account - Soft-delete not available
- KeyVault - Supports soft-delete but there are already Powershell commands available to purge and restore, see https://docs.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery?tabs=azure-powershell#key-vault-powershell
- Logic Apps - Soft-delete not available
- SQL - There seems to be some support in the form of Azure Backup, see https://docs.microsoft.com/en-us/azure/backup/soft-delete-sql-saphana-in-azure-vm. There are already Powershell commands available, see https://docs.microsoft.com/en-us/azure/backup/backup-azure-security-feature-cloud#using-azure-powershell.
- Storage Account - Support for soft deleting blobs and containers, already seems to be Powershell commands available for blobs, see https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-manage?tabs=dotnet#restore-soft-deleted-blobs-and-directories-by-using-powershell.
I don't see that much resources we can support next to API Management, but maybe I overlooked something and if so please correct me ๐ @mbraekman maybe you have some more insight or ideas about this?
Regarding the naming of the scripts, suggested is Restore-AzSoftDeletedService
, Get-AzSoftDeletedServices
and Remove-AzSoftDeletedService
.
That would mean that if we support multiple resources that could possibly make the script quite large since not every resource has to use the same functionality for purge and recovery. API Management uses this HTTP call to purge: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.ApiManagement/locations/{location}/deletedservices/{serviceName}?api-version=2020-06-01-preview
, but I can't really find any other resource that uses the same kind of HTTP call (but again maybe I am overlooking something).
Maybe in that case it would make more sense to have specific Powershell scripts per resource within the Arcus.Scripting.Management
domain like so Restore-AzSoftDeletedService-ApiManagement
, Get-AzSoftDeletedServices-ApiManagement
and Remove-AzSoftDeletedService-ApiManagement
.
Any thoughts on that @mbraekman?
Aha, ok, that needs to checked indeed. maybe we should indeed split it by resource, then. Maybe also cleaner for consumers, that way. Otherwise, you can't see what kind of resource is being changed.
Naming afterwards can be discussed. Our current functions all use this Azure pattern: Something-AzResourceType...
, so maybe this should be Restore-AzApiManagementSoftDeletedService
. But, again, that's future music ๐ .
AMAZING, job, @pim-simons , in investigating this. Probably a bunch of work. ๐ฅ
Restore-AzApiManagementSoftDeletedService
and Remove-AzApiManagementSoftDeletedService
within Arcus.Scripting.Management
seems like a good naming solution ๐