|
1 | 1 | --- |
2 | | -title: Create resource lock for a Azure Cosmos DB Table API table |
3 | | -description: Create resource lock for a Azure Cosmos DB Table API table |
| 2 | +title: Azure Cosmos DB Table API resource lock operations |
| 3 | +description: Use Azure CLI to create, list, show properties for, and delete resource locks for an Azure Cosmos DB Table API table. |
4 | 4 | author: seesharprun |
5 | 5 | ms.author: sidandrews |
6 | 6 | ms.reviewer: mjbrown |
7 | 7 | ms.service: cosmos-db |
8 | 8 | ms.subservice: cosmosdb-table |
9 | 9 | ms.topic: sample |
10 | | -ms.date: 02/21/2022 |
| 10 | +ms.date: 06/16/2022 |
| 11 | +ms.custom: kr2b-contr-experiment |
11 | 12 | --- |
12 | 13 |
|
13 | | -# Create resource lock for a Azure Cosmos DB Table API table using Azure CLI |
| 14 | +# Use Azure CLI for resource lock operations on Azure Cosmos DB Table API tables |
14 | 15 |
|
15 | 16 | [!INCLUDE[appliesto-table-api](../../../includes/appliesto-table-api.md)] |
16 | 17 |
|
17 | | -The script in this article demonstrates performing resource lock operations for a Table API table. |
| 18 | +The script in this article demonstrates performing resource lock operations for a Table API table. |
18 | 19 |
|
19 | 20 | > [!IMPORTANT] |
20 | | -> |
21 | | -> To create resource locks, you must have membership in the owner role in the subscription. |
22 | | -> |
23 | | -> Resource locks do not work for changes made by users connecting Cosmos DB Table SDK, Azure Storage Table SDK, any tools that connect via account keys, or the Azure Portal unless the Cosmos DB account is first locked with the `disableKeyBasedMetadataWriteAccess` property enabled. To learn more about how to enable this property see, [Preventing changes from SDKs](../../../role-based-access-control.md#prevent-sdk-changes). |
| 21 | +> To enable resource locking, the Azure Cosmos DB account must have the `disableKeyBasedMetadataWriteAccess` property enabled. This property prevents any changes to resources from clients that connect via account keys, such as the Cosmos DB Table SDK, Azure Storage Table SDK, or Azure portal. For more information, see [Preventing changes from SDKs](../../../role-based-access-control.md#prevent-sdk-changes). |
24 | 22 |
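Review bot: The rewritten note at new line 21 changes the meaning of the text it replaces. The removed note said resource locks do not stop changes made through key-based clients unless `disableKeyBasedMetadataWriteAccess` is enabled. The new wording, "To enable resource locking, the Azure Cosmos DB account must have the ... property enabled", reads as if a lock cannot be created without it. The property name refers to metadata write access, so "prevents any changes to resources" also looks broader than intended. Suggest keeping the original sense: locks are not enforced against clients that connect with account keys unless the property is enabled.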
|
25 | | -[!INCLUDE [quickstarts-free-trial-note](../../../../../includes/quickstarts-free-trial-note.md)] |
| 23 | +## Prerequisites |
26 | 24 |
|
27 | | -[!INCLUDE [azure-cli-prepare-your-environment.md](../../../../../includes/azure-cli-prepare-your-environment.md)] |
| 25 | +- You need an [Azure Cosmos DB Table API account, database, and table created](create.md). [!INCLUDE [quickstarts-free-trial-note](../../../../../includes/quickstarts-free-trial-note.md)] |
28 | 26 |
|
29 | | -- This article requires version 2.12.1 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli). If using Azure Cloud Shell, the latest version is already installed. |
| 27 | + > [!IMPORTANT] |
| 28 | + > To create or delete resource locks, you must have the **Owner** role in your Azure subscription. |
| 29 | +
|
| 30 | +- This script requires Azure CLI version 2.12.1 or later. |
| 31 | + |
| 32 | + - You can run the script in the Bash environment in [Azure Cloud Shell](../../../../cloud-shell/quickstart.md). When Cloud Shell opens, make sure **Bash** appears in the environment field at the upper left of the shell window. Cloud Shell always has the latest version of Azure CLI. |
| 33 | + |
| 34 | + [](https://shell.azure.com) |
| 35 | + |
| 36 | + Cloud Shell is automatically authenticated under the account you used to sign in to the Azure portal. You can use [az account set](/cli/azure/account#az-account-set) to sign in with a different subscription, replacing `<subscriptionId>` with your Azure subscription ID. |
| 37 | + |
| 38 | + ```azurecli |
| 39 | + subscription="<subscriptionId>" # add subscription here |
| 40 | + |
| 41 | + az account set -s $subscription # ...or use 'az login' |
| 42 | + ``` |
| 43 | +
|
| 44 | + - If you prefer, you can [install Azure CLI](/cli/azure/install-azure-cli) to run the script locally. Run [az version](/cli/azure/reference-index?#az-version) to find the Azure CLI version and dependent libraries that are installed, and run [az upgrade](/cli/azure/reference-index?#az-upgrade) if you need to upgrade. If prompted, [install Azure CLI extensions](/cli/azure/azure-cli-extensions-overview). If you're running Windows or macOS, consider [running Azure CLI in a Docker container](/cli/azure/run-azure-cli-docker). |
| 45 | +
|
| 46 | + If you're using a local installation, sign in to Azure by running [az login](/cli/azure/reference-index#az-login) and following the prompts. For other sign-in options, see [Sign in with the Azure CLI](/cli/azure/authenticate-azure-cli). |
30 | 47 |
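Review bot: New line 36 says to use `az account set` "to sign in with a different subscription", but that command only selects the active subscription for a session that is already signed in, and the comment `# ...or use 'az login'` at new line 41 reinforces the mix-up. Suggest "to switch to a different subscription" and quoting the variable as `az account set -s "$subscription"`. Separately, the Owner-role requirement is now nested under the first prerequisite bullet (new lines 27-28) and covers "create or delete" where the removed text covered only create. Please confirm the broader statement is intended, because it determines who is able to remove the lock.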
|
31 | 48 | ## Sample script |
32 | 49 |
|
33 | | -[!INCLUDE [cli-launch-cloud-shell-sign-in.md](../../../../../includes/cli-launch-cloud-shell-sign-in.md)] |
| 50 | +The following script uses Azure CLI [az lock](/cli/azure/lock) commands to manipulate resource locks on your Azure Cosmos DB Table API table. The script needs the `resourceGroup`, `account` name, and `table` name for the Azure Cosmos DB account and table you created. |
34 | 51 |
|
35 | | -### Run the script |
| 52 | +- [az lock create](/cli/azure/lock#az-lock-create) creates a `CanNotDelete` resource lock on the table. |
| 53 | +- [az lock list](/cli/azure/lock#az-lock-list) lists all the lock information for your Azure Cosmos DB Table account. |
| 54 | +- [az lock delete](/cli/azure/lock#az-lock-delete) uses [az lock show](/cli/azure/lock#az-lock-show) to get the `id` of the lock on your table, and then uses the `lockid` property to delete the lock. |
36 | 55 |
|
37 | 56 | :::code language="azurecli" source="~/azure_cli_scripts/cosmosdb/table/lock.sh" id="FullScript"::: |
38 | 57 |
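Review bot: The bullet at new line 54 describes `az lock delete` as using `az lock show`, and names the same value as both `id` and `lockid`. It is the script that calls `az lock show`, not the delete command, and the reader cannot tell whether `lockid` is a script variable or a property of the lock. The new description promises "show properties for", and the removed Sample reference table listed `az lock show` on its own row, so suggest giving `az lock show` a separate bullet and introducing the variable name once.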
|
39 | 58 | ## Clean up resources |
40 | 59 |
|
41 | | -[!INCLUDE [cli-clean-up-resources.md](../../../../../includes/cli-clean-up-resources.md)] |
| 60 | +If you no longer need the resources you created, use the [az group delete](/cli/azure/group#az-group-delete) command to delete the resource group and all resources it contains. These resources include the Azure Cosmos DB account and table. The resources might take a while to delete. |
42 | 61 |
|
43 | 62 | ```azurecli |
44 | 63 | az group delete --name $resourceGroup |
45 | 64 | ``` |
46 | 65 |
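Review bot: The new paragraph at new line 60 does not mention that the `CanNotDelete` lock has to be removed before `az group delete` can succeed. A reader who stops the sample before its `az lock delete` step, or reruns only the create step, will have the group deletion refused. Suggest one sentence pointing back to the lock removal, and a reminder that `$resourceGroup` must still be set in the current shell.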
|
47 | | -## Sample reference |
48 | | - |
49 | | -This script uses the following commands. Each command in the table links to command specific documentation. |
50 | | - |
51 | | -| Command | Notes | |
52 | | -|---|---| |
53 | | -| [az lock create](/cli/azure/lock#az-lock-create) | Creates a lock. | |
54 | | -| [az lock list](/cli/azure/lock#az-lock-list) | List lock information. | |
55 | | -| [az lock show](/cli/azure/lock#az-lock-show) | Show properties of a lock. | |
56 | | -| [az lock delete](/cli/azure/lock#az-lock-delete) | Deletes a lock. | |
57 | | - |
58 | 66 | ## Next steps |
59 | 67 |
|
60 | | -- [Lock resources to prevent unexpected changes](../../../../azure-resource-manager/management/lock-resources.md) |
61 | | - |
62 | | -- [Azure Cosmos DB CLI documentation](/cli/azure/cosmosdb). |
63 | | - |
64 | | -- [Azure Cosmos DB CLI GitHub Repository](https://github.com/Azure-Samples/azure-cli-samples/tree/master/cosmosdb). |
| 68 | +- [Prevent Azure Cosmos DB resources from being deleted or changed](../../../resource-locks.md) |
| 69 | +- [Lock resources to prevent unexpected changes](/azure/azure-resource-manager/management/lock-resources) |
| 70 | +- [How to audit Azure Cosmos DB control plane operations](../../../audit-control-plane-logs.md) |
| 71 | +- [Azure Cosmos DB CLI documentation](/cli/azure/cosmosdb) |
| 72 | +- [Azure Cosmos DB CLI GitHub repository](https://github.com/Azure-Samples/azure-cli-samples/tree/master/cosmosdb) |