search

microsoft / PSRule

Validate infrastructure as code (IaC) and objects using PowerShell rules.
https://microsoft.github.io/PSRule/v2/
MIT License
386 stars 50 forks source link

Enable blob soft delete on Storage Accounts Issue #1039

Closed bgawale closed 2 years ago

bgawale commented 2 years ago

The storage account has got soft delete enabled for blobs and containers and template contains the code for same, however PSRule cannot evaluate it correctly and returns error (in Azure DevOps)

[error] failedAzure.Storage.SoftDelete. Enable blob soft delete on Storage Accounts.

To Reproduce

Steps to reproduce the issue: Configure the template to contain soft delete enabled with settings shown as here https://gist.github.com/bgawale/204925fa344e92ead1e34bdc5d4bab6c and run the PS Rule assertion. 

{
              "type": "Microsoft.Storage/storageAccounts/blobServices",
              "apiVersion": "2021-08-01",
              "name": "[format('{0}/{1}', parameters('arm_storage_name'), 'default')]",
              "properties": {
                "changeFeed": {
                  "enabled": false
                },
                "restorePolicy": {
                  "enabled": false
                },
                "containerDeleteRetentionPolicy": {
                  "enabled": true,
                  "days": 7
                },
                "cors": {
                  "corsRules": []
                },
                "deleteRetentionPolicy": {
                  "enabled": true,
                  "days": 7
                },
                "isVersioningEnabled": false
              },
              "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('arm_storage_name'))]"
              ]
            }

Expected behaviour

The test for soft delete check should pass and there should not be any error.

Error output

[error]<str_acc_name> failedAzure.Storage.SoftDelete. Enable blob soft delete on Storage Accounts.

Module in use and version: Using PSRule.Rules.Azure v1.14.0-B2203117 Using module: PSRule - v2.0.0

bgawale commented 2 years ago

Update - Same works fine with PSRule.Rules.Azure - v1.13.4

BernieWhite commented 2 years ago

@bgawale Yes it is a known issue with the pre-release. Tracking Azure/PSRule.Rules.Azure#1348

Have a PR in to fix it, should be fixed soon.

BernieWhite commented 2 years ago

@bgawale As this is related to a bug that was fixed in a downstream release of v1.14.0. I'm going to close this issue.

If you have further issues with this specific issue, please report over here: https://github.com/Azure/PSRule.Rules.Azure/issues

Thanks.