Saturday, 16 November 2024

Disable Soft Delete for Azure File Shares with Terraform

Azure file shares can be mounted as persistent volumes in AKS clusters to provide the necessary storage to pods. Soft delete is enabled by default for Azure file shares. However, when the storage mounted to a pod is used only as temporary storage for processing, there is no need to keep soft delete. Let's look at how to disable soft delete for file share storage when deploying the file share with Terraform.

The expected outcome is a file share with soft delete disabled, as shown below.


The azurerm_storage_share resource in Terraform gives no access to a property to set this, and the share_properties block of azurerm_storage_account does not support a property to disable it either.

Therefore, we can use a null resource with the Azure CLI, as shown below, to disable soft delete. The full example code is available here in GitHub.
resource "null_resource" "disble_soft_delete_fileshares" {

  lifecycle {
    ignore_changes = []
  }

  # Run only after both storage accounts exist.
  depends_on = [
    azurerm_storage_account.filestorage_aks_win,
    azurerm_storage_account.filestorage_aks_linux
  ]

  provisioner "local-exec" {
    # Sign in as the service principal, then disable share soft delete
    # (delete retention) on the file service of each storage account.
    command     = <<-SHELL
      az login --service-principal -u ${var.DEVOPSSERVICECONNECTIONAID} -p ${var.DEVOPSSERVICECONNECTIONPW} --tenant ${var.TENANTID}
      az storage account file-service-properties update --resource-group ${azurerm_resource_group.instance_rg.name} --account-name ${azurerm_storage_account.filestorage_aks_win.name} --enable-delete-retention false --subscription ${var.SUBSCRIPTIONID}
      az storage account file-service-properties update --resource-group ${azurerm_resource_group.instance_rg.name} --account-name ${azurerm_storage_account.filestorage_aks_linux.name} --enable-delete-retention false --subscription ${var.SUBSCRIPTIONID}
    SHELL
    # The heredoc above is executed by PowerShell on the machine running Terraform.
    interpreter = ["PowerShell"]
  }
}
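
A hardened variant of the resource above, added here as an example and not taken from the original post or its GitHub repository: it passes the service principal credentials through the provisioner's environment argument instead of interpolating them into the command text, stops on the first failed az call, and reads the setting back before the apply succeeds. The resource name and the AZ_* environment variable names are hypothetical; the Terraform variables and storage accounts are those used in the post.

```hcl
# Added example, not from the original post. Reuses the post's variables and resources;
# the resource name and the AZ_* environment variable names are hypothetical.
resource "null_resource" "disable_soft_delete_fileshares_hardened" {
  # Re-run the provisioner if either storage account is replaced.
  triggers = {
    win_account_id   = azurerm_storage_account.filestorage_aks_win.id
    linux_account_id = azurerm_storage_account.filestorage_aks_linux.id
  }

  provisioner "local-exec" {
    interpreter = ["PowerShell", "-Command"]

    # Values are passed through the process environment, so the command text
    # below contains only $env: references and no interpolated secret.
    environment = {
      AZ_SP_ID     = var.DEVOPSSERVICECONNECTIONAID
      AZ_SP_SECRET = var.DEVOPSSERVICECONNECTIONPW
      AZ_TENANT    = var.TENANTID
      AZ_SUB       = var.SUBSCRIPTIONID
      AZ_RG        = azurerm_resource_group.instance_rg.name
      AZ_ACCOUNTS = join(",", [
        azurerm_storage_account.filestorage_aks_win.name,
        azurerm_storage_account.filestorage_aks_linux.name
      ])
    }

    command = <<-SHELL
      az login --service-principal -u $env:AZ_SP_ID -p $env:AZ_SP_SECRET --tenant $env:AZ_TENANT --output none
      if ($LASTEXITCODE -ne 0) { throw 'az login failed' }
      foreach ($account in $env:AZ_ACCOUNTS.Split(',')) {
        az storage account file-service-properties update --resource-group $env:AZ_RG --account-name $account --enable-delete-retention false --subscription $env:AZ_SUB --output none
        if ($LASTEXITCODE -ne 0) { throw ('update failed for ' + $account) }
        # Read the setting back and fail the apply if soft delete is still on.
        $enabled = az storage account file-service-properties show --resource-group $env:AZ_RG --account-name $account --subscription $env:AZ_SUB --query 'shareDeleteRetentionPolicy.enabled' --output tsv
        if ($enabled -ne 'false') { throw ('soft delete still enabled on ' + $account) }
      }
    SHELL
  }
}
```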

