def set_policy(cmd, client, resource_group_name, vault_name, policy, policy_name, fix_for_inconsistent_items,
tenant_id=None, is_critical_operation=False):
if policy_name is None:
raise CLIError(
"""
Policy name is required for set policy.
""")
if policy is not None:
policy_object = cust_help.get_policy_from_json(client, policy)
if is_critical_operation:
existing_policy = common.show_policy(client, resource_group_name, vault_name, policy_name)
if cust_help.is_retention_duration_decreased(existing_policy, policy_object, "AzureWorkload"):
# update the payload with critical operation and add auxiliary header for cross tenant case
if tenant_id is not None:
client = get_mgmt_service_client(cmd.cli_ctx, RecoveryServicesBackupClient,
aux_tenants=[tenant_id]).protection_policies
policy_object.properties.resource_guard_operation_requests = [
cust_help.get_resource_guard_operation_request(cmd.cli_ctx, resource_group_name, vault_name,
"updatePolicy")]
else:
if fix_for_inconsistent_items:
policy_object = common.show_policy(client, resource_group_name, vault_name, policy_name)
policy_object.properties.make_policy_consistent = True
else:
raise CLIError(
"""
Please provide policy object.
""")
return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, item, policy, tenant_id=None,
is_critical_operation=False):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError(
"""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
container_uri = cust_help.get_protection_container_uri_from_id(item.id)
item_uri = cust_help.get_protected_item_uri_from_id(item.id)
backup_item_type = item_uri.split(';')[0]
if not cust_help.is_sql(backup_item_type) and not cust_help.is_hana(backup_item_type):
raise InvalidArgumentValueError("Item must be either of type SQLDataBase or SAPHanaDatabase.")
item_properties = _get_protected_item_instance(backup_item_type)
item_properties.policy_id = policy.id
param = ProtectedItemResource(properties=item_properties)
if is_critical_operation:
existing_policy_name = item.properties.policy_id.split('/')[-1]
existing_policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name,
existing_policy_name)
if cust_help.is_retention_duration_decreased(existing_policy, policy, "AzureWorkload"):
# update the payload with critical operation and add auxiliary header for cross tenant case
if tenant_id is not None:
client = get_mgmt_service_client(cmd.cli_ctx, RecoveryServicesBackupClient,
aux_tenants=[tenant_id]).protected_items
param.properties.resource_guard_operation_requests = [cust_help.get_resource_guard_operation_request(
cmd.cli_ctx, resource_group_name, vault_name, "updateProtection")]
# Update policy
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, param, cls=cust_help.get_pipeline_response)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def set_policy(cmd,
client,
resource_group_name,
vault_name,
policy,
policy_name,
tenant_id=None,
is_critical_operation=False):
if policy_name is None:
raise CLIError("""
Policy name is required for set policy.
""")
policy_object = helper.get_policy_from_json(client, policy)
policy_object.properties.work_load_type = workload_type
existing_policy = common.show_policy(client, resource_group_name,
vault_name, policy_name)
helper.validate_update_policy_request(existing_policy, policy_object)
if is_critical_operation:
if helper.is_retention_duration_decreased(existing_policy,
policy_object,
"AzureStorage"):
# update the payload with critical operation and add auxiliary header for cross tenant case
if tenant_id is not None:
client = get_mgmt_service_client(
cmd.cli_ctx,
RecoveryServicesBackupClient,
aux_tenants=[tenant_id]).protection_policies
policy_object.properties.resource_guard_operation_requests = [
helper.get_resource_guard_operation_request(
cmd.cli_ctx, resource_group_name, vault_name,
"updatePolicy")
]
return client.create_or_update(vault_name, resource_group_name,
policy_name, policy_object)
def enable_for_AzureFileShare(cmd, client, resource_group_name, vault_name, afs_name,
storage_account_name, policy_name):
# get registered storage accounts
storage_account = None
containers_client = backup_protection_containers_cf(cmd.cli_ctx)
registered_containers = common.list_containers(containers_client, resource_group_name, vault_name, "AzureStorage")
storage_account = _get_storage_account_from_list(registered_containers, storage_account_name)
# get unregistered storage accounts
if storage_account is None:
unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name)
storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name)
if storage_account is None:
# refresh containers in the vault
protection_containers_client = protection_containers_cf(cmd.cli_ctx)
filter_string = helper.get_filter_string({'backupManagementType': "AzureStorage"})
refresh_result = protection_containers_client.refresh(vault_name, resource_group_name, fabric_name,
filter=filter_string, raw=True)
helper.track_refresh_operation(cmd.cli_ctx, refresh_result, vault_name, resource_group_name)
# refetch the protectable containers after refresh
unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name)
storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name)
if storage_account is None:
raise CLIError("Storage account not found or not supported.")
# register storage account
protection_containers_client = protection_containers_cf(cmd.cli_ctx)
properties = AzureStorageContainer(backup_management_type="AzureStorage",
source_resource_id=storage_account.properties.container_id,
workload_type="AzureFileShare")
param = ProtectionContainerResource(properties=properties)
result = protection_containers_client.register(vault_name, resource_group_name, fabric_name,
storage_account.name, param, raw=True)
helper.track_register_operation(cmd.cli_ctx, result, vault_name, resource_group_name, storage_account.name)
policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
helper.validate_policy(policy)
protectable_item = _get_protectable_item_for_afs(cmd.cli_ctx, vault_name, resource_group_name, afs_name,
storage_account)
helper.validate_azurefileshare_item(protectable_item)
container_uri = helper.get_protection_container_uri_from_id(protectable_item.id)
item_uri = helper.get_protectable_item_uri_from_id(protectable_item.id)
item_properties = AzureFileshareProtectedItem()
item_properties.policy_id = policy.id
item_properties.source_resource_id = protectable_item.properties.parent_container_fabric_id
item = ProtectedItemResource(properties=item_properties)
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, item, raw=True)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def set_policy(client, resource_group_name, vault_name, policy, policy_name):
if policy_name is None:
raise CLIError(
"""
Policy name is required for set policy.
""")
policy_object = helper.get_policy_from_json(client, policy)
policy_object.properties.work_load_type = workload_type
existing_policy = common.show_policy(client, resource_group_name, vault_name, policy_name)
helper.validate_update_policy_request(existing_policy, policy_object)
return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def update_policy_for_item(cmd,
client,
resource_group_name,
vault_name,
item,
policy,
tenant_id=None,
is_critical_operation=False):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
# Get container and item URIs
container_uri = helper.get_protection_container_uri_from_id(item.id)
item_uri = helper.get_protected_item_uri_from_id(item.id)
# Update policy request
afs_item_properties = AzureFileshareProtectedItem()
afs_item_properties.policy_id = policy.id
afs_item_properties.source_resource_id = item.properties.source_resource_id
afs_item = ProtectedItemResource(properties=afs_item_properties)
if is_critical_operation:
existing_policy_name = item.properties.policy_id.split('/')[-1]
existing_policy = common.show_policy(
protection_policies_cf(cmd.cli_ctx), resource_group_name,
vault_name, existing_policy_name)
if helper.is_retention_duration_decreased(existing_policy, policy,
"AzureStorage"):
# update the payload with critical operation and add auxiliary header for cross tenant case
if tenant_id is not None:
client = get_mgmt_service_client(
cmd.cli_ctx,
RecoveryServicesBackupClient,
aux_tenants=[tenant_id]).protected_items
afs_item.properties.resource_guard_operation_requests = [
helper.get_resource_guard_operation_request(
cmd.cli_ctx, resource_group_name, vault_name,
"updateProtection")
]
# Update policy
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
afs_item,
cls=helper.get_pipeline_response)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def set_policy(client, resource_group_name, vault_name, policy, policy_name, fix_for_inconsistent_items):
if policy_name is None:
raise CLIError(
"""
Policy name is required for set policy.
""")
if policy is not None:
policy_object = cust_help.get_policy_from_json(client, policy)
else:
if fix_for_inconsistent_items:
policy_object = common.show_policy(client, resource_group_name, vault_name, policy_name)
policy_object.properties.make_policy_consistent = True
else:
raise CLIError(
"""
Please provide policy object.
""")
return client.create_or_update(vault_name, resource_group_name, policy_name, policy_object)
def show_policy(client, resource_group_name, vault_name, name):
return common.show_policy(client, resource_group_name, vault_name, name)
