From d049ce2d017df969e790d426c70b411df00ef395 Mon Sep 17 00:00:00 2001 From: Marcus Robinson Date: Fri, 21 Feb 2025 09:33:43 +0000 Subject: [PATCH 1/3] Add soft delete to workspace storage account Fixes #4385 Add soft delete configuration to Workspace storage accounts. * Add `blob_properties` block with `delete_retention_policy` and `container_delete_retention_policy` settings to `azurerm_storage_account` resource in `templates/workspaces/base/terraform/storage.tf`. * Add `file_properties` block with `delete_retention_policy` settings to `azurerm_storage_account` resource in `templates/workspaces/base/terraform/storage.tf`. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/microsoft/AzureTRE/issues/4385?shareId=XXXX-XXXX-XXXX-XXXX). --- templates/workspaces/base/terraform/storage.tf | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/templates/workspaces/base/terraform/storage.tf b/templates/workspaces/base/terraform/storage.tf index 7fc6f00a2c..4e6eb86a2a 100644 --- a/templates/workspaces/base/terraform/storage.tf +++ b/templates/workspaces/base/terraform/storage.tf @@ -31,6 +31,21 @@ resource "azurerm_storage_account" "stg" { infrastructure_encryption_enabled = true lifecycle { ignore_changes = [infrastructure_encryption_enabled, tags] } + + blob_properties { + delete_retention_policy { + days = 7 + } + container_delete_retention_policy { + days = 7 + } + } + + file_properties { + delete_retention_policy { + days = 7 + } + } } # Using AzAPI as AzureRM uses shared account key for Azure files operations From 6c4a4cb4c627d637aa159ca105b8900b15a6a064 Mon Sep 17 00:00:00 2001 From: Marcus Robinson Date: Fri, 21 Feb 2025 14:52:42 +0000 Subject: [PATCH 2/3] Update changelog and bundle version. --- CHANGELOG.md | 1 + templates/workspaces/base/porter.yaml | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fce6e5f9b2..491e0df878 100644 
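Review bot: The three `days = 7` literals in the new `blob_properties` and `file_properties` blocks are duplicated and carry no comment, and the same literal reappears in the `share_properties` block of patch 3/3. For a workspace storage account the window is also a data-handling decision: anything a user deletes stays stored and recoverable for that many days, which matters where a workspace has to honour a purge or data-destruction request. I would hold the value in one local or variable referenced by all three policies and add a comment above the blocks, for example `# Soft delete: deleted blobs, containers and file shares remain recoverable for 7 days.` The `azurerm_storage_account` resource begins above the hunk, so any interaction with its other settings cannot be checked from here.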
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ **BREAKING CHANGES & MIGRATIONS**: ENHANCEMENTS: +* Add 7 day retention on workspace storage accounts. ([#4389](https://github.com/microsoft/AzureTRE/issues/4389)) BUG FIXES: diff --git a/templates/workspaces/base/porter.yaml b/templates/workspaces/base/porter.yaml index 55976e1b09..c70b5ff45f 100644 --- a/templates/workspaces/base/porter.yaml +++ b/templates/workspaces/base/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-workspace-base -version: 2.0.0 +version: 2.0.1 description: "A base Azure TRE workspace" dockerfile: Dockerfile.tmpl registry: azuretre @@ -268,17 +268,17 @@ upgrade: - login flags: service-principal: "" - username: '${ bundle.credentials.auth_client_id }' - password: '${ bundle.credentials.auth_client_secret }' - tenant: '${ bundle.credentials.auth_tenant_id }' + username: "${ bundle.credentials.auth_client_id }" + password: "${ bundle.credentials.auth_client_secret }" + tenant: "${ bundle.credentials.auth_tenant_id }" allow-no-subscriptions: "" - exec: description: "Update workspace app redirect urls" command: ./update_redirect_urls.sh flags: - workspace-api-client-id: '${ bundle.parameters.client_id }' - aad-redirect-uris-b64: '${ bundle.parameters.aad_redirect_uris }' - register-aad-application: '${ bundle.parameters.register_aad_application }' + workspace-api-client-id: "${ bundle.parameters.client_id }" + aad-redirect-uris-b64: "${ bundle.parameters.aad_redirect_uris }" + register-aad-application: "${ bundle.parameters.register_aad_application }" uninstall: - terraform: From 3fc61d04ec39bf1885e0d22fb27963ed6dbb08dd Mon Sep 17 00:00:00 2001 From: Marcus Robinson Date: Fri, 21 Feb 2025 20:53:29 +0000 Subject: [PATCH 3/3] Fix retention policy --- templates/workspaces/base/terraform/storage.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/templates/workspaces/base/terraform/storage.tf b/templates/workspaces/base/terraform/storage.tf
index 4e6eb86a2a..8792f7173f 100644
--- a/templates/workspaces/base/terraform/storage.tf
+++ b/templates/workspaces/base/terraform/storage.tf
@@ -41,8 +41,8 @@ resource "azurerm_storage_account" "stg" {
 }
 }
 
- file_properties {
- delete_retention_policy {
+ share_properties {
+ retention_policy {
 days = 7
 }
 }