Use Azure CLI for resource lock operations on Azure Cosmos DB for Table tables
APPLIES TO: Table
The script in this article demonstrates performing resource lock operations for an API for Table table.
Important
To enable resource locking, the Azure Cosmos DB account must have the disableKeyBasedMetadataWriteAccess
property enabled. This property prevents any changes to resources from clients that connect via account keys, such as the Azure Cosmos DB Table SDK, Azure Storage Table SDK, or Azure portal. For more information, see Preventing changes from SDKs.
Prerequisites
You need an Azure Cosmos DB for Table account, database, and table created. If you don't have an Azure trail subscription, create a trial subscription before you begin.
Important
To create or delete resource locks, you must have the Owner role in your Azure subscription.
This script requires Azure CLI version 2.12.1 or later.
Note
Before you can use Azure CLI in Microsoft Azure operated by 21Vianet, please run
az cloud set -n AzureChinaCloud
first to change the cloud environment. If you want to switch back to Azure Public Cloud, runaz cloud set -n AzureCloud
again.You can use az account set to sign in with a different subscription, replacing
<subscriptionId>
with your Azure subscription ID.subscription="<subscriptionId>" # add subscription here az account set -s $subscription # ...or use 'az login'
If you prefer, you can install Azure CLI to run the script locally. Run az version to find the Azure CLI version and dependent libraries that are installed, and run az upgrade if you need to upgrade. If prompted, install Azure CLI extensions. If you're running Windows or macOS, consider running Azure CLI in a Docker container.
If you're using a local installation, sign in to Azure by running az login and following the prompts. For other sign-in options, see Sign in with the Azure CLI.
Sample script
The following script uses Azure CLI az lock commands to manipulate resource locks on your Azure Cosmos DB for Table table. The script needs the resourceGroup
, account
name, and table
name for the Azure Cosmos DB account and table you created.
- az lock create creates a
CanNotDelete
resource lock on the table. - az lock list lists all the lock information for your Azure Cosmos DB Table account.
- az lock delete uses az lock show to get the
id
of the lock on your table, and then uses thelockid
property to delete the lock.
# Resource lock operations for a Table API table
# Subscription owner permissions required for this script
# Run this script after running
# "https://docs.azure.cn/cosmos-db/scripts/cli/table/create#sample-script"
# Variable block
# Use values from prerequisite script or from your environment
# resourceGroup="your resource group name"
# account="your account name"
# table="your table name"
lockType='CanNotDelete' # CanNotDelete or ReadOnly
tableParent="databaseAccounts/$account"
tableResourceType="Microsoft.DocumentDB/tables"
tableLock='$table-Lock'
# Create a delete lock on table
echo "Creating $lockType lock on $table"
az lock create --name $tableLock --resource-group $resourceGroup --resource-type $tableResourceType --lock-type $lockType --parent $tableParent --resource $table
# List all locks on a Cosmos account
echo "Listing locks on $account"
az lock list --resource-group $resourceGroup --resource-name $account --namespace Microsoft.DocumentDB --resource-type databaseAccounts
# Delete lock on table
echo "Deleting $tableLock on $table"
lockid=$(az lock show --name $tableLock --resource-group $resourceGroup --resource-type $tableResourceType --resource $table --parent $tableParent --output tsv --query id)
az lock delete --ids $lockid
# </FullScript>
# echo "Deleting all resources"
# az group delete --name $resourceGroup -y
Clean up resources
If you no longer need the resources you created, use the az group delete command to delete the resource group and all resources it contains. These resources include the Azure Cosmos DB account and table. The resources might take a while to delete.
az group delete --name $resourceGroup