Merge branch 'users/komakkar/backupScripts' into 'master'

Adding script to configure the Backup for CosmosDB and Storage Account See merge request osdu/platform/deployment-and-operations/infra-azure-provisioning!206

Merge branch 'users/komakkar/backupScripts' into 'master'
Adding script to configure the Backup for CosmosDB and Storage Account See merge request osdu/platform/deployment-and-operations/infra-azure-provisioning!206
e270e094 · Hema Vishnu Pola [Microsoft] · f356cb4a · 3afee1f2 · e270e094 · e270e094
Commit e270e094 authored Feb 18, 2021 by Hema Vishnu Pola [Microsoft]
--- a/README.md
+++ b/README.md
@@ -192,7 +192,6 @@ __Azure AD Admin Consent__
 For more information on Azure identity and authorization, see the official Microsoft documentation [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent).


-
 ## Elastic Search Setup

 Infrastructure requires a bring your own Elastic Search Instance of a version of 6.8.x with a valid https endpoint and the access information must now be stored in the Common KeyVault. The recommended method of Elastic Search is to use the [Elastic Cloud Managed Service from the Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure?tab=Overview).
@@ -221,6 +220,10 @@ EOF
 cp .envrc .envrc_${UNIQUE}
 ```

+## Configure Back Up
+Back is enabled by default. To set the backup policies, utilize the script 
+[here](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/tree/master/tools).
+The script should be run whenever you bring up a Resource Group in your deployment.

 ## Configure Key Access in Manifest Repository


--- a/tools/backup/update_backup_policies.sh
+++ b/tools/backup/update_backup_policies.sh
+#!/bin/bash
+
+# Config values for Service Account Data Protection Policies.
+ENABLE_DELETE_RETENTION="true"
+DELETE_RETENTION_DAYS=29
+ENABLE_VERSIONING="true"
+ENABLE_CHANGE_FEED="true"
+ENABLE_RESTORE_POLICY="true"
+RESTORE_DAYS=28
+
+# Config values for CosmosDB Account Backup Policies.
+BACKUP_INTERVAL_IN_MINUTES=480
+BACKUP_RETENTION_IN_HOURS=672
+
+# Literals
+RESOURCETYPE_STORAGE_ACCOUNT="Microsoft.Storage/storageAccounts"
+RESOURCETYPE_COSMOSDB_ACCOUNT="Microsoft.DocumentDb/databaseAccounts"
+QUERY_FOR_NAME='[].name'
+
+# arguments (message)
+function log() {
+  echo >&2 "[update_backup_policies.sh] $1"
+}
+
+function configureDataProtectionPoliciesForStorageAccounts() {
+    log "function:start: ${FUNCNAME}"
+	log "Setting Data Protection policies for all Storage Accounts in the Resource Group: ${resourceGroup}."
+	log "following properties would be updated:"
+	log "DELETE_RETENTION_DAYS: ${DELETE_RETENTION_DAYS}"
+	log "RESTORE_DAYS: ${RESTORE_DAYS}"
+	
+	local resourceGroup=$1
+	
+	storageAccounts=$(az resource list \
+	                    --resource-group "${resourceGroup}" \
+	                    --resource-type "${RESOURCETYPE_STORAGE_ACCOUNT}" \
+	                    --query "${QUERY_FOR_NAME}" \
+	                    --output tsv)
+
+	for storageAccount in $storageAccounts ;
+		do
+			storageAccount=$(echo "${storageAccount}" | sed -r 's/\/r//g')
+			log "Setting backup policies for Storage Account: ${storageAccount}."
+			az storage account blob-service-properties update \
+        --resource-group "${resourceGroup}" \
+        --account-name "${storageAccount}" \
+        --enable-delete-retention "${ENABLE_DELETE_RETENTION}" \
+        --delete-retention-days "${DELETE_RETENTION_DAYS}" \
+        --enable-versioning "${ENABLE_VERSIONING}" \
+        --enable-change-feed "${ENABLE_CHANGE_FEED}" \
+        --enable-restore-policy "${ENABLE_RESTORE_POLICY}" \
+        --restore-days "${RESTORE_DAYS}";
+	  done;
+	log "function:end: ${FUNCNAME}"
+}
+
+function configureBackupPoliciesForCosmosDbAccounts() {
+	log "function:start: ${FUNCNAME}"
+	log "Setting backup policies all CosmosDB Accounts in Resource Group: ${resourceGroup}."
+	log "following properties would be updated:"
+	log "BACKUP_INTERVAL_IN_MINUTES: ${BACKUP_INTERVAL_IN_MINUTES}"
+	log "BACKUP_RETENTION_IN_HOURS: ${BACKUP_RETENTION_IN_HOURS}"	
+
+	local resourceGroup=$1
+	
+	cosmosdbAccounts=$(az resource list \
+	                     --resource-group "${resourceGroup}" \
+	                     --resource-type "${RESOURCETYPE_COSMOSDB_ACCOUNT}" \
+	                     --query "${QUERY_FOR_NAME}" \
+	                     --output tsv)
+	
+	for cosmosDbAccount in $cosmosdbAccounts ;
+		do
+		  cosmosDbAccount=$(echo "${cosmosDbAccount}" | sed -r 's/\/r//g')
+			log "Setting backup policies for CosmosDB Account: ${cosmosDbAccount}."
+			az cosmosdb update \
+				--name "${cosmosDbAccount}"\
+				--resource-group "${resourceGroup}"\
+				--backup-interval "${BACKUP_INTERVAL_IN_MINUTES}" \
+				--backup-retention "${BACKUP_RETENTION_IN_HOURS}" ;
+	  done;
+	log "function:end: ${FUNCNAME}"  
+}
+
+main() {
+	log "function:start: ${FUNCNAME}"
+	local resourceGroup=$1
+	local help=$2
+
+	if [ "$help" == "true" ]; then
+        echo "
+			  Use -r options to specify Resource Group, for which back up is to be configured.
+			  Use -h true option for help
+			  "
+        exit 0
+    fi
+
+	configureDataProtectionPoliciesForStorageAccounts "${resourceGroup}"
+	configureBackupPoliciesForCosmosDbAccounts "${resourceGroup}"
+	log "function:end: ${FUNCNAME}"
+}
+
+# Input Management
+resourceGroup=""
+help="false"
+while getopts ":r::h::" opt; do
+    case $opt in
+        r)
+          resourceGroup=$OPTARG
+          ;;
+        h)
+          help="true"
+          ;;
+		    \?)
+          echo "Invalid option: -$OPTARG"
+          echo "Use -h true option for help"
+          exit 1
+          ;;
+        :)
+          echo "Option -$OPTARG requires an argument."
+          echo "Use -h true option for help"
+          exit 1
+          ;;
+    esac
+done
+
+main "$resourceGroup" "$help"
\ No newline at end of file