def _create_account(self, resource_group_name, account_name):
storage_async_operation = self.client.storage_accounts.begin_create(
resource_group_name,
account_name,
{
"sku": {"name": self.sku},
"location": self.location,
"kind": self.kind,
"enable_https_traffic_only": True,
},
)
props = BlobServiceProperties()
if self.is_versioning_enabled is True:
props.is_versioning_enabled = True
if self.container_retention_days:
props.container_delete_retention_policy = DeleteRetentionPolicy(
enabled=True, days=self.container_retention_days
)
if self.is_last_access_time_enabled:
props.last_access_time_tracking_policy = LastAccessTimeTrackingPolicy(enable=True)
if not all(prop is None for prop in props.as_dict().values()):
self.client.blob_services.set_service_properties(resource_group_name, account_name, props)
sleep(30)
return storage_async_operation
def remediate(self, client, resource_group_name, account_name):
"""Enable Soft Delete for Storage Account Blob Service
:param client: Instance of the Azure StorageManagementClient.
:param resource_group_name: The name of the resource group to which the storage account belongs
:param account_name: The name of the storage account.
:type resource_group_name: str.
:type account_name: str.
:returns: Integer signaling success or failure
:rtype: int
:raises: msrestazure.azure_exceptions.CloudError
"""
logging.info("Enabling Soft Delete for Storage Account Blob Service")
try:
logging.info(" executing client.blob_services.set_service_properties")
logging.info(f" resource_group_name={resource_group_name}")
logging.info(f" account_name={account_name}")
client.blob_services.set_service_properties(
resource_group_name=resource_group_name,
account_name=account_name,
parameters=BlobServiceProperties(
delete_retention_policy=DeleteRetentionPolicy(enabled=True, days=7)
),
)
except Exception as e:
logging.error(f"{str(e)}")
raise
return 0
def test_remediate_success(self):
client = Mock()
action = EnableBlobServiceSoftDelete()
assert action.remediate(client, "resource_group", "account_name") == 0
assert client.blob_services.set_service_properties.call_count == 1
call_args = client.blob_services.set_service_properties.call_args
updated_blob_service = call_args[1]["parameters"]
blob_soft_delete = DeleteRetentionPolicy(enabled=True, days=7)
assert updated_blob_service.delete_retention_policy == blob_soft_delete
def create_storage_account(
self,
resource_group_name,
name,
region,
storage_client,
):
"""Creates a Storage Account
:param storage_client: Instance of the Azure StorageManagementClient.
:param region: The location in which the storage account exists.
:param name: The Storage Account name.
:param resource_group_name: The name of the resource group.
:type storage_client: object
:type region: str
:type name: str
:type resource_group_name: str
:returns: StorageAccount object
:rtype: object
"""
create_params = StorageAccountCreateParameters(
location=region,
sku=sku_storage(name=SkuName.STANDARD_LRS, tier=SkuTier.STANDARD),
identity=Identity(type="SystemAssigned"),
kind="StorageV2",
enable_https_traffic_only=True,
network_rule_set=NetworkRuleSet(default_action=DefaultAction.DENY),
tags={"Created By": "CHSS"},
)
stg_account = storage_client.storage_accounts.begin_create(
resource_group_name=resource_group_name,
account_name=name,
parameters=create_params,
).result()
storage_client.blob_services.set_service_properties(
resource_group_name=resource_group_name,
account_name=name,
parameters=BlobServiceProperties(
delete_retention_policy=DeleteRetentionPolicy(enabled=True,
days=7)),
)
return stg_account