Skip to content

feat: DTOSS-9884 Schedule Immutable Backups in Prod#1535

Merged
rfk-nc merged 8 commits intomainfrom
feat/dtoss-9884-immutable-backups-azure-sql
Sep 4, 2025
Merged

feat: DTOSS-9884 Schedule Immutable Backups in Prod#1535
rfk-nc merged 8 commits intomainfrom
feat/dtoss-9884-immutable-backups-azure-sql

Conversation

@rfk-nc
Copy link
Copy Markdown
Contributor

@rfk-nc rfk-nc commented Aug 22, 2025
edited
Loading

Description

Continue the recent PoC whereby a PowerShell script is used to perform a database backup on a scheduled basis and store in in a Storage container with an Immutability Policy set.

The PR includes changes to meet the following requirements:

  • Backup script created in PowerShell
  • Container App Job with a User Assigned Managed Identity attached to it created to run the backup
  • New Storage Account containing a Storage Container with the Immutability Policy set created in the Audit subscription
  • New Pipeline created to trigger the container job on a scheduled basis

The way in which the User Assigned Managed Identity for the DB-Management job has also been changed to provide the flexibility required to process different MIs for each Container App Job, as well as using standardised naming for the identities.

Context

Allows backup files to be stored that cannot be deleted within the enforced blob retention period.

Evidence of Successful Deployment

Successful pipeline run showing deployment of the new resources:
Immutable Backup Task - Prod

Successful backup file creation:

image

Resultant backup file:

image

Database successfully restored as copy:

image

New database within Azure SQL:

image

Proof backup file cannot be deleted do to policy:

image

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Aug 22, 2025
edited
Loading

Unit Test Results

✔️ Tests 777 / 777 - passed in 68.1s
📝 Coverage 56.94%
📏 4285 / 7411 lines covered 🌿 1055 / 1968 branches covered
🔍 click here for more details

✏️ updated for commit e0a0e57

@rfk-nc rfk-nc force-pushed the feat/dtoss-9884-immutable-backups-azure-sql branch 4 times, most recently from afd045a to 44629ee Compare August 28, 2025 16:17
@rfk-nc rfk-nc changed the title feat: DTOSS-9884 Add Storage Container for Immutable Backups feat: DTOSS-9884 Schedule Immutable Backups in Prod Sep 2, 2025
@rfk-nc rfk-nc force-pushed the feat/dtoss-9884-immutable-backups-azure-sql branch from 03c39bb to 1c097ef Compare September 2, 2025 16:07
MacMur85
MacMur85 previously approved these changes Sep 2, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@MacMur85 MacMur85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Approved

MacMur85
MacMur85 previously approved these changes Sep 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@MacMur85 MacMur85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Sep 3, 2025

Quality Gate Passed Quality Gate passed

Issues
8 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

MacMur85
MacMur85 approved these changes Sep 4, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@MacMur85 MacMur85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Peer reviewed in the office, approved.

@rfk-nc rfk-nc added this pull request to the merge queue Sep 4, 2025
Merged via the queue into main with commit e8499d5 Sep 4, 2025
74 checks passed
@rfk-nc rfk-nc deleted the feat/dtoss-9884-immutable-backups-azure-sql branch September 4, 2025 14:06
@rfk-nc rfk-nc mentioned this pull request Sep 4, 2025
Merged
10 tasks
stephhou pushed a commit that referenced this pull request Sep 5, 2025
@rfk-nc @stephhou
feat: DTOSS-9884 Schedule Immutable Backups in Prod (#1535)
ff3d4d5 
* Add Immutable backup and restore container jobs

* Add retry limit

* Resolve SonarCloud root user warnings

* Resolve SonarCloud warnings

* Resolve SonarCloud warnings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MacMur85 MacMur85 MacMur85 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rfk-nc @MacMur85