From b4685f97fb6c45d10838c7df63b4f6e531a1bcb0 Mon Sep 17 00:00:00 2001
From: Ben Broderick Phillips <bebroder@microsoft.com>
Date: Wed, 18 Jan 2023 12:06:24 -0500
Subject: [PATCH] Add script for removing worm storage accounts (#4959)

---
 eng/scripts/Remove-WormStorageAccounts.ps1 | 39 ++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 eng/scripts/Remove-WormStorageAccounts.ps1

diff --git a/eng/scripts/Remove-WormStorageAccounts.ps1 b/eng/scripts/Remove-WormStorageAccounts.ps1
new file mode 100644
index 00000000000..60d0099cfc8
--- /dev/null
+++ b/eng/scripts/Remove-WormStorageAccounts.ps1
@@ -0,0 +1,39 @@
+# Helper script for removing storage accounts with WORM that sometimes get leaked from live tests not set up to clean
+# up their resource policies
+
+[CmdletBinding(SupportsShouldProcess=$True)]
+param(
+    [string]$GroupPrefix
+)
+
+# Be a little defensive so we don't delete non-live test groups via naming convention
+if (!$groupPrefix -or !$GroupPrefix.StartsWith('rg-')) {
+    Write-Error "The -GroupPrefix parameter must start with 'rg-'"
+    exit 1
+}
+
+$groups = Get-AzResourceGroup | ? { $_.ResourceGroupName.StartsWith($GroupPrefix) } | ? { $_.ProvisioningState -ne 'Deleting' }
+
+foreach ($group in $groups) {
+    Write-Host "========================================="
+    $accounts = Get-AzStorageAccount -ResourceGroupName $group.ResourceGroupName
+    if ($accounts) {
+        foreach ($account in $accounts) {
+            if ($WhatIfPreference) {
+                Write-Host "What if: Removing $($account.StorageAccountName) in $($account.ResourceGroupName)"
+            } else {
+                Write-Host "Removing $($account.StorageAccountName) in $($account.ResourceGroupName)"
+            }
+            $ctx = New-AzStorageContext -StorageAccountName $account.StorageAccountName
+            $ctx | Get-AzStorageContainer | Get-AzStorageBlob | Remove-AzStorageBlob -Force
+            # Use AzRm cmdlet as deletion will only work through ARM with the immutability policies defined on the blobs
+            $ctx | Get-AzStorageContainer | % { Remove-AzRmStorageContainer -Name $_.Name -StorageAccountName $ctx.StorageAccountName -ResourceGroupName $group.ResourceGroupName -Force }
+            Remove-AzStorageAccount -StorageAccountName $account.StorageAccountName -ResourceGroupName $account.ResourceGroupName -Force
+        }
+    }
+    if ($WhatIfPreference) {
+        Write-Host "What if: Removing resource group $($group.ResourceGroupName)"
+    } else {
+        Remove-AzResourceGroup -ResourceGroupName $group.ResourceGroupName -Force -AsJob
+    }
+}