Fixing purging of managed storage accounts

Author: dragav

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/ManagedStorageAccounts/RemoveAzureKeyVaultManagedStorageAccount.cs

@@ -17,6 +17,7 @@
 using System.Management.Automation;
 using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
 using Microsoft.Azure.Commands.KeyVault.Models.ManagedStorageAccounts;
+using Microsoft.Azure.Commands.KeyVault.Properties;
 
 namespace Microsoft.Azure.Commands.KeyVault
 {
@@ -43,6 +44,13 @@ public class RemoveAzureKeyVaultManagedStorageAccount : KeyVaultCmdletBase
         [Alias( Constants.StorageAccountName, Constants.Name )]
         public string AccountName { get; set; }
 
+        /// <summary>
+        /// If present, operate on the deleted entity.
+        /// </summary>
+        [Parameter(Mandatory = false,
+                    HelpMessage = "Permanently remove the previously deleted managed storage account.")]
+        public SwitchParameter InRemovedState { get; set; }
+
         /// <summary>
         /// If present, do not ask for confirmation
         /// </summary>
@@ -58,6 +66,24 @@ public class RemoveAzureKeyVaultManagedStorageAccount : KeyVaultCmdletBase
 
         public override void ExecuteCmdlet()
         {
+            if (InRemovedState.IsPresent)
+            {
+                ConfirmAction(
+                    Force.IsPresent,
+                    string.Format(
+                        CultureInfo.InvariantCulture,
+                        Resources.RemoveDeletedManagedStorageAccountWarning,
+                        AccountName),
+                    string.Format(
+                        CultureInfo.InvariantCulture,
+                        Resources.RemoveDeletedManagedStorageAccountWhatIfMessage,
+                        AccountName),
+                    AccountName,
+                    () => { DataServiceClient.PurgeManagedStorageAccount(VaultName, AccountName); });
+
+                return;
+            }
+
             PSDeletedKeyVaultManagedStorageAccount managedManagedStorageAccount = null;
             ConfirmAction(
                 Force.IsPresent,

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/RemoveAzureKeyVaultCertificate.cs

@@ -69,7 +69,7 @@ public class RemoveAzureKeyVaultCertificate : KeyVaultCmdletBase
         public PSKeyVaultCertificateIdentityItem InputObject { get; set; }
 
         /// <summary>
-        /// If present, operate on the deleted key entity.
+        /// If present, operate on the deleted entity.
         /// </summary>
         [Parameter(Mandatory = false,
                     HelpMessage = "Permanently remove the previously deleted certificate.")]

src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.Designer.cs

@@ -474,4 +474,10 @@ You can find the object ID using Azure Active Directory Module for Windows Power
   <data name="RecoverManagedStorageSasDefinition" xml:space="preserve">
     <value>Recover KeyVault-managed storage account SAS definition.</value>
   </data>
+  <data name="RemoveDeletedManagedStorageAccountWarning" xml:space="preserve">
+    <value>Are you sure you want to purge managed storage account '{0}'</value>
+  </data>
+  <data name="RemoveDeletedManagedStorageAccountWhatIfMessage" xml:space="preserve">
+    <value>Purge managed storage account</value>
+  </data>
 </root>

src/ResourceManager/KeyVault/Commands.KeyVault/Properties/Resources.resx

@@ -13,8 +13,8 @@ Removes a Key Vault managed Azure Storage Account and all associated SAS definit
 ## SYNTAX
 
 ```
-Remove-AzureKeyVaultManagedStorageAccount [-VaultName] <String> [-AccountName] <String> [-Force] [-PassThru]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+Remove-AzureKeyVaultManagedStorageAccount [-VaultName] <String> [-AccountName] <String> [-InRemovedState]
+ [-Force] [-PassThru] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -36,6 +36,18 @@ PS C:\> Remove-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountN
 
 Disassociates Azure Storage Account 'mystorageaccount' from Key Vault 'myvault' and stops Key Vault from managing its keys. The account 'mystorageaccount' will not be removed. All Key Vault managed Storage SAS definitions associated with this account will be removed.
 
+### Example 3: Permanently delete (purge) a Key Vault managed Azure Storage Account and all associated SAS definitions from a soft-delete-enabled vault.
+```
+PS C:\> Remove-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' 
+PS C:\> Get-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -InRemovedState
+PS C:\> Remove-AzureKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -InRemovedState 
+```
+
+The example assumes that soft-delete is enabled for this vault. Verify whether that is the case by examining the vault properties, or the RecoveryLevel attribute of an entity in the vault.
+The first cmdlet disassociates Azure Storage Account 'mystorageaccount' from Key Vault 'myvault' and stops Key Vault from managing its keys. The account 'mystorageaccount' will not be removed. All Key Vault managed Storage SAS definitions associated with this account will be removed.
+The second cmdlet verifies that the storage account is in a deleted, but recoverable state. Reaching this state may require some time, please allow ~30s before attempting.
+The third cmdlet permanently removes the storage account - recovery will no longer be possible.
+
 ## PARAMETERS
 
 ### -AccountName
@@ -83,6 +95,19 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -InRemovedState
+Permanently remove the previously deleted managed storage account.```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -PassThru
 Cmdlet does not return an object by default.
 If this switch is specified, cmdlet returns the managed storage account that was deleted.