def set_policy(cmd, client, resource_group_name, vault_name, policy, policy_name, fix_for_inconsistent_items, tenant_id=None, is_critical_operation=False): if policy_name is None: raise CLIError( """ Policy name is required for set policy. """) if policy is not None: policy_object = cust_help.get_policy_from_json(client, policy) if is_critical_operation: existing_policy = common.show_policy(client, resource_group_name, vault_name, policy_name) if cust_help.is_retention_duration_decreased(existing_policy, policy_object, "AzureWorkload"): # update the payload with critical operation and add auxiliary header for cross tenant case if tenant_id is not None: client = get_mgmt_service_client(cmd.cli_ctx, RecoveryServicesBackupClient, aux_tenants=[tenant_id]).protection_policies policy_object.properties.resource_guard_operation_requests = [ cust_help.get_resource_guard_operation_request(cmd.cli_ctx, resource_group_name, vault_name, "updatePolicy")] else: if fix_for_inconsistent_items: policy_object = common.show_policy(client, resource_group_name, vault_name, policy_name) policy_object.properties.make_policy_consistent = True else: raise CLIError( """ Please provide policy object. """) return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, item, policy, tenant_id=None, is_critical_operation=False): if item.properties.backup_management_type != policy.properties.backup_management_type: raise CLIError( """ The policy type should match with the workload being protected. Use the relevant get-default policy command and use it to update the policy for the workload. """) container_uri = cust_help.get_protection_container_uri_from_id(item.id) item_uri = cust_help.get_protected_item_uri_from_id(item.id) backup_item_type = item_uri.split(';')[0] if not cust_help.is_sql(backup_item_type) and not cust_help.is_hana(backup_item_type): raise InvalidArgumentValueError("Item must be either of type SQLDataBase or SAPHanaDatabase.") item_properties = _get_protected_item_instance(backup_item_type) item_properties.policy_id = policy.id param = ProtectedItemResource(properties=item_properties) if is_critical_operation: existing_policy_name = item.properties.policy_id.split('/')[-1] existing_policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, existing_policy_name) if cust_help.is_retention_duration_decreased(existing_policy, policy, "AzureWorkload"): # update the payload with critical operation and add auxiliary header for cross tenant case if tenant_id is not None: client = get_mgmt_service_client(cmd.cli_ctx, RecoveryServicesBackupClient, aux_tenants=[tenant_id]).protected_items param.properties.resource_guard_operation_requests = [cust_help.get_resource_guard_operation_request( cmd.cli_ctx, resource_group_name, vault_name, "updateProtection")] # Update policy result = client.create_or_update(vault_name, resource_group_name, fabric_name, container_uri, item_uri, param, cls=cust_help.get_pipeline_response) return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def set_policy(cmd, client, resource_group_name, vault_name, policy, policy_name, tenant_id=None, is_critical_operation=False): if policy_name is None: raise CLIError(""" Policy name is required for set policy. """) policy_object = helper.get_policy_from_json(client, policy) policy_object.properties.work_load_type = workload_type existing_policy = common.show_policy(client, resource_group_name, vault_name, policy_name) helper.validate_update_policy_request(existing_policy, policy_object) if is_critical_operation: if helper.is_retention_duration_decreased(existing_policy, policy_object, "AzureStorage"): # update the payload with critical operation and add auxiliary header for cross tenant case if tenant_id is not None: client = get_mgmt_service_client( cmd.cli_ctx, RecoveryServicesBackupClient, aux_tenants=[tenant_id]).protection_policies policy_object.properties.resource_guard_operation_requests = [ helper.get_resource_guard_operation_request( cmd.cli_ctx, resource_group_name, vault_name, "updatePolicy") ] return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def enable_for_AzureFileShare(cmd, client, resource_group_name, vault_name, afs_name, storage_account_name, policy_name): # get registered storage accounts storage_account = None containers_client = backup_protection_containers_cf(cmd.cli_ctx) registered_containers = common.list_containers(containers_client, resource_group_name, vault_name, "AzureStorage") storage_account = _get_storage_account_from_list(registered_containers, storage_account_name) # get unregistered storage accounts if storage_account is None: unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name) storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name) if storage_account is None: # refresh containers in the vault protection_containers_client = protection_containers_cf(cmd.cli_ctx) filter_string = helper.get_filter_string({'backupManagementType': "AzureStorage"}) refresh_result = protection_containers_client.refresh(vault_name, resource_group_name, fabric_name, filter=filter_string, raw=True) helper.track_refresh_operation(cmd.cli_ctx, refresh_result, vault_name, resource_group_name) # refetch the protectable containers after refresh unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name) storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name) if storage_account is None: raise CLIError("Storage account not found or not supported.") # register storage account protection_containers_client = protection_containers_cf(cmd.cli_ctx) properties = AzureStorageContainer(backup_management_type="AzureStorage", source_resource_id=storage_account.properties.container_id, workload_type="AzureFileShare") param = ProtectionContainerResource(properties=properties) result = protection_containers_client.register(vault_name, resource_group_name, fabric_name, storage_account.name, param, raw=True) helper.track_register_operation(cmd.cli_ctx, result, vault_name, resource_group_name, storage_account.name) policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name) helper.validate_policy(policy) protectable_item = _get_protectable_item_for_afs(cmd.cli_ctx, vault_name, resource_group_name, afs_name, storage_account) helper.validate_azurefileshare_item(protectable_item) container_uri = helper.get_protection_container_uri_from_id(protectable_item.id) item_uri = helper.get_protectable_item_uri_from_id(protectable_item.id) item_properties = AzureFileshareProtectedItem() item_properties.policy_id = policy.id item_properties.source_resource_id = protectable_item.properties.parent_container_fabric_id item = ProtectedItemResource(properties=item_properties) result = client.create_or_update(vault_name, resource_group_name, fabric_name, container_uri, item_uri, item, raw=True) return helper.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def set_policy(client, resource_group_name, vault_name, policy, policy_name): if policy_name is None: raise CLIError( """ Policy name is required for set policy. """) policy_object = helper.get_policy_from_json(client, policy) policy_object.properties.work_load_type = workload_type existing_policy = common.show_policy(client, resource_group_name, vault_name, policy_name) helper.validate_update_policy_request(existing_policy, policy_object) return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, item, policy, tenant_id=None, is_critical_operation=False): if item.properties.backup_management_type != policy.properties.backup_management_type: raise CLIError(""" The policy type should match with the workload being protected. Use the relevant get-default policy command and use it to update the policy for the workload. """) # Get container and item URIs container_uri = helper.get_protection_container_uri_from_id(item.id) item_uri = helper.get_protected_item_uri_from_id(item.id) # Update policy request afs_item_properties = AzureFileshareProtectedItem() afs_item_properties.policy_id = policy.id afs_item_properties.source_resource_id = item.properties.source_resource_id afs_item = ProtectedItemResource(properties=afs_item_properties) if is_critical_operation: existing_policy_name = item.properties.policy_id.split('/')[-1] existing_policy = common.show_policy( protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, existing_policy_name) if helper.is_retention_duration_decreased(existing_policy, policy, "AzureStorage"): # update the payload with critical operation and add auxiliary header for cross tenant case if tenant_id is not None: client = get_mgmt_service_client( cmd.cli_ctx, RecoveryServicesBackupClient, aux_tenants=[tenant_id]).protected_items afs_item.properties.resource_guard_operation_requests = [ helper.get_resource_guard_operation_request( cmd.cli_ctx, resource_group_name, vault_name, "updateProtection") ] # Update policy result = client.create_or_update(vault_name, resource_group_name, fabric_name, container_uri, item_uri, afs_item, cls=helper.get_pipeline_response) return helper.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def set_policy(client, resource_group_name, vault_name, policy, policy_name, fix_for_inconsistent_items): if policy_name is None: raise CLIError( """ Policy name is required for set policy. """) if policy is not None: policy_object = cust_help.get_policy_from_json(client, policy) else: if fix_for_inconsistent_items: policy_object = common.show_policy(client, resource_group_name, vault_name, policy_name) policy_object.properties.make_policy_consistent = True else: raise CLIError( """ Please provide policy object. """) return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def show_policy(client, resource_group_name, vault_name, name): return common.show_policy(client, resource_group_name, vault_name, name)