Azure blob soft delete and versioning- how to restore files easily?

Question

I am trying to understand how soft delete and versioning work within azure blog storage.

It seems that if you have both soft delete and versioning turned on... you can’t just ‘undelete ’ deleted files, as versioning actually saves a new version as a deleted file.

So instead you have to promote the last version of each deleted file.

But what if you have a structure of nested folders and thousands of blobs... you can’t just promote the top version of the top level folder... you need to use Powershell to list files with no current version, and promote them? How would you do this?

This seems awfully complicated, when without versioning - a simple ‘undelete’ command is available from the GUI.

Am I missing something? What is the easiest way to ‘undelete’ a nested folder structure of thousand of blobs in folders, when versioning is turned on?

Thanks

Answer 1

As Rob Minson pointed out, the approach involves copying a blob version to the same container. For PowerShell, use the Copy-AzStorageBlob cmdlet; for Azure CLI, use the az storage blob copy start command. You can pass an account key or SAS token, or use Azure AD.

We've updated the documentation to shed some light on an approach to restoring blobs when soft-delete and/or versioning is enabled. Code samples are available for both PowerShell and Azure CLI.

Answer 2

I completely agree that this seems really un-documented at the moment. I've raised a github issue against this docs page to see if they can get the situation improved.

The best path through that I've found is something like the following:

Using Azure Storage Explorer, open up the container with the soft-deleted, versioned blobs, then change the drop down to "All blobs and blobs without current version". Now you can select a blob and hit 'Promote Version'. The deleted blob will be restored and in the Activities pane you can expand the operation and hit 'Copy AzCopy Command to Clipboard'.

The result will show you something like the following:

./azcopy.exe copy 
    "https://accountname.blob.core.windows.net/containername/blobname?<sastoken>&versionid=2021-04-22T11%3A35%3A36.9385599Z" 
    "https://accountname.blob.core.windows.net/containername/blobname?<sastoken>" 
    --overwrite=true 
    --recursive 
    --trusted-microsoft-suffixes=;

Now, based on this you can see you have a building block for automating the process you're talking about. Your problem at this point is finding this thing:

versionid=2021-04-22T11%3A35%3A36.9385599Z

Unfortunately that's a timestamp to nanosecond precision which you're not going to be able to infer. There's no functionality I can find in powershell, in the REST APIs or in AzCopy to get this data, the only way I have found is this sample for the .Net SDK.

All this probably means you can either:

• Implement your own C# console app using the Azure.Storage.Blobs library to list the versions for each blob, then perform the relevant copy command now you know the magic version string
• Wait for the REST API or Powershell library to get the ability to list versions

Answer 3

Simply put, no.

The first point that needs to be emphasized is that blobs in blob storage are not nested as you might think. It seems that blob storage is the same as the local file system: some nested folders, and many files inside. But in fact these are fake, the storage structure of blob storage is flat. Blob storage is not about putting a small box in a box and then putting items in the small box. In fact, all blobs are items of blob storage, and there is no such thing as a "small box".

Then, the second point, for blob storage, the soft-delete operation only supports two objects, one is a blob and the other is a container.

Check out this document:

https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-container-overview?tabs=azure-cli#how-container-soft-delete-works

However, you can only use container soft delete to restore blobs if the container itself was deleted. To a restore a deleted blob when its parent container has not been deleted, you must use blob soft delete or blob versioning.

So unfortunately, there is no so-called easy way. You need to operate on each blob, the nested structure does not actually exist.

If you are interested, you can read this blog:

https://medium.com/@loopjockey/structuring-azure-blobs-for-functions-8305ba427356