backup cleanup

KelvinTegelaar · KelvinTegelaar · commit 7150399676fc · 2025-12-14T00:18:35.000+01:00
diff --git a/CIPPTimers.json b/CIPPTimers.json
@@ -203,5 +203,14 @@
     "Priority": 20,
     "RunOnProcessor": true,
     "IsSystem": true
+  },
+  {
+    "Id": "b8f3c2e1-5d4a-4f7b-9a2c-1e6d8f3b5a7c",
+    "Command": "Start-BackupRetentionCleanup",
+    "Description": "Timer to cleanup old backups based on retention policy",
+    "Cron": "0 0 2 * * *",
+    "Priority": 21,
+    "RunOnProcessor": true,
+    "IsSystem": true
   }
 ]
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackupRetentionConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackupRetentionConfig.ps1
@@ -0,0 +1,56 @@
+function Invoke-ExecBackupRetentionConfig {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.AppSettings.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $Table = Get-CIPPTable -TableName Config
+    $Filter = "PartitionKey eq 'BackupRetention' and RowKey eq 'Settings'"
+
+    $results = try {
+        if ($Request.Query.List) {
+            $RetentionSettings = Get-CIPPAzDataTableEntity @Table -Filter $Filter
+            if (!$RetentionSettings) {
+                # Return default values if not set
+                @{
+                    RetentionDays = 30
+                }
+            } else {
+                @{
+                    RetentionDays = [int]$RetentionSettings.RetentionDays
+                }
+            }
+        } else {
+            $RetentionDays = [int]$Request.Body.RetentionDays
+
+            # Validate minimum value
+            if ($RetentionDays -lt 7) {
+                throw 'Retention days must be at least 7 days'
+            }
+
+            $RetentionConfig = @{
+                'RetentionDays' = $RetentionDays
+                'PartitionKey'  = 'BackupRetention'
+                'RowKey'        = 'Settings'
+            }
+
+            Add-CIPPAzDataTableEntity @Table -Entity $RetentionConfig -Force | Out-Null
+            Write-LogMessage -headers $Request.Headers -API $Request.Params.CIPPEndpoint -message "Set backup retention to $RetentionDays days" -Sev 'Info'
+            "Successfully set backup retention to $RetentionDays days"
+        }
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -headers $Request.Headers -API $Request.Params.CIPPEndpoint -message "Failed to set backup retention configuration: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
+        "Failed to set configuration: $($ErrorMessage.NormalizedError)"
+    }
+
+    $body = [pscustomobject]@{'Results' = $Results }
+
+    return ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $body
+        })
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-BackupRetentionCleanup.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-BackupRetentionCleanup.ps1
@@ -0,0 +1,78 @@
+function Start-BackupRetentionCleanup {
+    <#
+    .SYNOPSIS
+    Start the Backup Retention Cleanup Timer
+    .DESCRIPTION
+    This function cleans up old CIPP and Tenant backups based on the retention policy
+    #>
+    [CmdletBinding(SupportsShouldProcess = $true)]
+    param()
+
+    try {
+        # Get retention settings
+        $ConfigTable = Get-CippTable -tablename Config
+        $Filter = "PartitionKey eq 'BackupRetention' and RowKey eq 'Settings'"
+        $RetentionSettings = Get-CIPPAzDataTableEntity @ConfigTable -Filter $Filter
+        
+        # Default to 30 days if not set
+        $RetentionDays = if ($RetentionSettings.RetentionDays) { 
+            [int]$RetentionSettings.RetentionDays 
+        } else { 
+            30 
+        }
+
+        # Ensure minimum retention of 7 days
+        if ($RetentionDays -lt 7) {
+            $RetentionDays = 7
+        }
+
+        Write-Host "Starting backup cleanup with retention of $RetentionDays days"
+        
+        # Calculate cutoff date
+        $CutoffDate = (Get-Date).AddDays(-$RetentionDays).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+        
+        $DeletedCounts = [System.Collections.Generic.List[int]]::new()
+
+        # Clean up CIPP Backups
+        if ($PSCmdlet.ShouldProcess('CIPPBackup', 'Cleaning up old backups')) {
+            $CIPPBackupTable = Get-CippTable -tablename 'CIPPBackup'
+            $Filter = "PartitionKey eq 'CIPPBackup' and Timestamp lt datetime'$CutoffDate'"
+            
+            $OldCIPPBackups = Get-AzDataTableEntity @CIPPBackupTable -Filter $Filter -Property @('PartitionKey', 'RowKey', 'ETag')
+            
+            if ($OldCIPPBackups) {
+                Write-Host "Found $($OldCIPPBackups.Count) old CIPP backups to delete"
+                Remove-AzDataTableEntity @CIPPBackupTable -Entity $OldCIPPBackups -Force
+                $DeletedCounts.Add($OldCIPPBackups.Count)
+                Write-LogMessage -API 'BackupRetentionCleanup' -message "Deleted $($OldCIPPBackups.Count) old CIPP backups" -Sev 'Info'
+            } else {
+                Write-Host 'No old CIPP backups found'
+            }
+        }
+
+        # Clean up Scheduled/Tenant Backups
+        if ($PSCmdlet.ShouldProcess('ScheduledBackup', 'Cleaning up old backups')) {
+            $ScheduledBackupTable = Get-CippTable -tablename 'ScheduledBackup'
+            $Filter = "PartitionKey eq 'ScheduledBackup' and Timestamp lt datetime'$CutoffDate'"
+            
+            $OldScheduledBackups = Get-AzDataTableEntity @ScheduledBackupTable -Filter $Filter -Property @('PartitionKey', 'RowKey', 'ETag')
+            
+            if ($OldScheduledBackups) {
+                Write-Host "Found $($OldScheduledBackups.Count) old tenant backups to delete"
+                Remove-AzDataTableEntity @ScheduledBackupTable -Entity $OldScheduledBackups -Force
+                $DeletedCounts.Add($OldScheduledBackups.Count)
+                Write-LogMessage -API 'BackupRetentionCleanup' -message "Deleted $($OldScheduledBackups.Count) old tenant backups" -Sev 'Info'
+            } else {
+                Write-Host 'No old tenant backups found'
+            }
+        }
+
+        $TotalDeleted = ($DeletedCounts | Measure-Object -Sum).Sum
+        Write-LogMessage -API 'BackupRetentionCleanup' -message "Backup cleanup completed. Total backups deleted: $TotalDeleted (retention: $RetentionDays days)" -Sev 'Info'
+        
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -API 'BackupRetentionCleanup' -message "Failed to run backup cleanup: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
+        throw
+    }
+}
