使用 Azure CLI 为 Azure Cosmos DB 的 MongoDB API 创建资源锁Create a resource lock for Azure Cosmos DB's API for MongoDB using Azure CLI


在 Azure China 中使用 Azure CLI 2.0 之前,请首先运行 az cloud set -n AzureChinaCloud 更改云环境。Before you can use Azure CLI 2.0 in Azure China, please run az cloud set -n AzureChinaCloud first to change the cloud environment. 如果要切换回全局 Azure,请再次运行 az cloud set -n AzureCloudIf you want to switch back to Global Azure, run az cloud set -n AzureCloud again.

选择在本地安装并使用 CLI 时,本主题要求运行 Azure CLI 2.9.1 或更高版本。When you choose to install and use the CLI locally, this topic requires that you are running the Azure CLI version 2.9.1 or later. 运行 az --version 即可查找版本。Run az --version to find the version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI.


除非在启用了 disableKeyBasedMetadataWriteAccess 属性的情况下先锁定 Cosmos DB 帐户,否则资源锁对使用任何 MongoDB SDK、Mongoshell、任何工具或 Azure 门户进行连接的用户所做的更改均无效。Resource locks do not work for changes made by users connecting using any MongoDB SDK, Mongoshell, any tools or the Azure Portal unless the Cosmos DB account is first locked with the disableKeyBasedMetadataWriteAccess property enabled. 要详细了解如何启用此属性,请参阅防止 SDK 更改To learn more about how to enable this property see, Preventing changes from SDKs.

示例脚本Sample script


# Sign in the Azure China Cloud
az cloud set -n AzureChinaCloud
az login


lockType='CanNotDelete' # CanNotDelete or ReadOnly

# Create a delete lock on database
az lock create --name $databaseLockName \
    --resource-group $resourceGroupName \
    --resource-type Microsoft.DocumentDB/mongodbDatabases \
    --lock-type $lockType \
    --parent $databaseParent \
    --resource $databaseName

# Create a delete lock on collection
az lock create --name $collectionLockName \
    --resource-group $resourceGroupName \
    --resource-type Microsoft.DocumentDB/collections \
    --lock-type $lockType \
    --parent $collectionParent \
    --resource $collectionName

# List all locks on a Cosmos account
az lock list --resource-group $resourceGroupName \
    --resource-name $accountName \
    --namespace Microsoft.DocumentDB \
    --resource-type databaseAccounts

# Delete lock on database
lockid=$(az lock show --name $databaseLockName \
        --resource-group $resourceGroupName \
        --resource-type Microsoft.DocumentDB/mongodbDatabases \
        --resource $databaseName --parent $databaseParent \
        --output tsv --query id)
az lock delete --ids $lockid

# Delete lock on collection
lockid=$(az lock show --name $collectionLockName \
        --resource-group $resourceGroupName \
        --resource-type Microsoft.DocumentDB/collections \
        --resource-name $collectionName \
        --parent $collectionParent \
        --output tsv --query id)
az lock delete --ids $lockid

脚本说明Script explanation

此脚本使用以下命令。This script uses the following commands. 表中的每条命令均链接到特定于命令的文档。Each command in the table links to command specific documentation.

命令Command 注释Notes
az lock createaz lock create 创建锁。Creates a lock.
az lock listaz lock list 列出锁信息。List lock information.
az lock showaz lock show 显示锁的属性。Show properties of a lock.
az lock deleteaz lock delete 删除锁。Deletes a lock.

后续步骤Next steps

-锁定资源以防止意外更改-Lock resources to prevent unexpected changes

-Azure Cosmos DB CLI 文档-Azure Cosmos DB CLI documentation.

-Azure Cosmos DB CLI GitHub 存储库-Azure Cosmos DB CLI GitHub Repository.