Added vault tier restore and update backup instance for blobs (#24557)

* Added support for vaulted blobs restore and Update-backupInstance.

* added update BI test case
added ILR test case
added deep validate
added examples

* re-recorded failed tests

* re-recorded failed test

Author: hiaga

src/DataProtection/DataProtection.Autorest/Az.DataProtection.psd1

@@ -11,7 +11,7 @@
   DotNetFrameworkVersion = '4.7.2'
   RequiredAssemblies = './bin/Az.DataProtection.private.dll'
   FormatsToProcess = './Az.DataProtection.format.ps1xml'
-  FunctionsToExport = 'Backup-AzDataProtectionBackupInstanceAdhoc', 'Edit-AzDataProtectionPolicyRetentionRuleClientObject', 'Edit-AzDataProtectionPolicyTagClientObject', 'Edit-AzDataProtectionPolicyTriggerClientObject', 'Find-AzDataProtectionRestorableTimeRange', 'Get-AzDataProtectionBackupInstance', 'Get-AzDataProtectionBackupPolicy', 'Get-AzDataProtectionBackupVault', 'Get-AzDataProtectionJob', 'Get-AzDataProtectionOperation', 'Get-AzDataProtectionOperationStatus', 'Get-AzDataProtectionPolicyTemplate', 'Get-AzDataProtectionRecoveryPoint', 'Get-AzDataProtectionResourceGuard', 'Get-AzDataProtectionResourceGuardMapping', 'Get-AzDataProtectionSoftDeletedBackupInstance', 'Initialize-AzDataProtectionBackupInstance', 'Initialize-AzDataProtectionRestoreRequest', 'New-AzDataProtectionBackupConfigurationClientObject', 'New-AzDataProtectionBackupInstance', 'New-AzDataProtectionBackupPolicy', 'New-AzDataProtectionBackupVault', 'New-AzDataProtectionBackupVaultStorageSettingObject', 'New-AzDataProtectionPolicyTagCriteriaClientObject', 'New-AzDataProtectionPolicyTriggerScheduleClientObject', 'New-AzDataProtectionResourceGuard', 'New-AzDataProtectionRestoreConfigurationClientObject', 'New-AzDataProtectionRetentionLifeCycleClientObject', 'Remove-AzDataProtectionBackupInstance', 'Remove-AzDataProtectionBackupPolicy', 'Remove-AzDataProtectionBackupVault', 'Remove-AzDataProtectionResourceGuard', 'Remove-AzDataProtectionResourceGuardMapping', 'Resume-AzDataProtectionBackupInstanceProtection', 'Search-AzDataProtectionBackupInstanceInAzGraph', 'Search-AzDataProtectionBackupVaultInAzGraph', 'Search-AzDataProtectionJobInAzGraph', 'Set-AzDataProtectionMSIPermission', 'Set-AzDataProtectionResourceGuardMapping', 'Start-AzDataProtectionBackupInstanceRestore', 'Stop-AzDataProtectionBackupInstanceProtection', 'Suspend-AzDataProtectionBackupInstanceBackup', 'Sync-AzDataProtectionBackupInstance', 'Test-AzDataProtectionBackupInstanceReadiness', 'Test-AzDataProtectionBackupInstanceRestore', 'Undo-AzDataProtectionBackupInstanceDeletion', 'Unlock-AzDataProtectionResourceGuardOperation', 'Update-AzDataProtectionBackupInstanceAssociatedPolicy', 'Update-AzDataProtectionBackupVault', 'Update-AzDataProtectionResourceGuard', '*'
+  FunctionsToExport = 'Backup-AzDataProtectionBackupInstanceAdhoc', 'Edit-AzDataProtectionPolicyRetentionRuleClientObject', 'Edit-AzDataProtectionPolicyTagClientObject', 'Edit-AzDataProtectionPolicyTriggerClientObject', 'Find-AzDataProtectionRestorableTimeRange', 'Get-AzDataProtectionBackupInstance', 'Get-AzDataProtectionBackupPolicy', 'Get-AzDataProtectionBackupVault', 'Get-AzDataProtectionJob', 'Get-AzDataProtectionOperation', 'Get-AzDataProtectionOperationStatus', 'Get-AzDataProtectionPolicyTemplate', 'Get-AzDataProtectionRecoveryPoint', 'Get-AzDataProtectionResourceGuard', 'Get-AzDataProtectionResourceGuardMapping', 'Get-AzDataProtectionSoftDeletedBackupInstance', 'Initialize-AzDataProtectionBackupInstance', 'Initialize-AzDataProtectionRestoreRequest', 'New-AzDataProtectionBackupConfigurationClientObject', 'New-AzDataProtectionBackupInstance', 'New-AzDataProtectionBackupPolicy', 'New-AzDataProtectionBackupVault', 'New-AzDataProtectionBackupVaultStorageSettingObject', 'New-AzDataProtectionPolicyTagCriteriaClientObject', 'New-AzDataProtectionPolicyTriggerScheduleClientObject', 'New-AzDataProtectionResourceGuard', 'New-AzDataProtectionRestoreConfigurationClientObject', 'New-AzDataProtectionRetentionLifeCycleClientObject', 'Remove-AzDataProtectionBackupInstance', 'Remove-AzDataProtectionBackupPolicy', 'Remove-AzDataProtectionBackupVault', 'Remove-AzDataProtectionResourceGuard', 'Remove-AzDataProtectionResourceGuardMapping', 'Resume-AzDataProtectionBackupInstanceProtection', 'Search-AzDataProtectionBackupInstanceInAzGraph', 'Search-AzDataProtectionBackupVaultInAzGraph', 'Search-AzDataProtectionJobInAzGraph', 'Set-AzDataProtectionMSIPermission', 'Set-AzDataProtectionResourceGuardMapping', 'Start-AzDataProtectionBackupInstanceRestore', 'Stop-AzDataProtectionBackupInstanceProtection', 'Suspend-AzDataProtectionBackupInstanceBackup', 'Sync-AzDataProtectionBackupInstance', 'Test-AzDataProtectionBackupInstanceReadiness', 'Test-AzDataProtectionBackupInstanceRestore', 'Undo-AzDataProtectionBackupInstanceDeletion', 'Unlock-AzDataProtectionResourceGuardOperation', 'Update-AzDataProtectionBackupInstance', 'Update-AzDataProtectionBackupInstanceAssociatedPolicy', 'Update-AzDataProtectionBackupVault', 'Update-AzDataProtectionResourceGuard', '*'
   AliasesToExport = '*'
   PrivateData = @{
     PSData = @{

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Backupcenter/Search-AzDataProtectionBackupVaultInAzGraph.ps1

@@ -8,7 +8,7 @@
         [Parameter(Mandatory, HelpMessage='Subscription of Vault')]
         [Alias('SubscriptionId')]
         [System.String[]]
-        ${Subscription},
+        ${Subscription}, # TODO: add alias to all ARG command params
 
         [Parameter(Mandatory=$false, HelpMessage='Resource Group of Vault')]
         [Alias('ResourceGroupName')]

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Common/Initialize-AzDataProtectionBackupInstance.ps1 renamed to src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Platform/BackupInstance/Initialize-AzDataProtectionBackupInstance.ps1

@@ -43,7 +43,7 @@ function Initialize-AzDataProtectionBackupInstance {
         [System.String]
         ${FriendlyName},
 
-        [Parameter(Mandatory=$false, HelpMessage='Backup configuration for backup. Use this parameter to configure protection for AzureKubernetesService.')]
+        [Parameter(Mandatory=$false, HelpMessage='Backup configuration for backup. Use this parameter to configure protection for AzureKubernetesService,AzureBlob.')]
         [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20231201.IBackupDatasourceParameters]
         ${BackupConfiguration}
     )
@@ -118,7 +118,7 @@ function Initialize-AzDataProtectionBackupInstance {
             else{
                 $errormsg = "Please ensure that secret store based authentication is supported for given data source"
         		throw $errormsg
-            }            
+            }
         }
 
         $backupInstanceResource = [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20231201.BackupInstanceResource]::new()

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Common/New-AzDataProtectionBackupConfigurationClientObject.ps1 renamed to src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Platform/BackupInstance/New-AzDataProtectionBackupConfigurationClientObject.ps1

@@ -0,0 +1,139 @@
+
+
+function Update-AzDataProtectionBackupInstance
+{
+	[OutputType('Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20231201.IBackupInstanceResource')]
+    [CmdletBinding(PositionalBinding=$false, SupportsShouldProcess)]
+    [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Description('Updates a given backup instance')]
+
+    param(
+        [Parameter(Mandatory=$false, HelpMessage='Subscription Id of the vault')]
+        [System.String]
+        ${SubscriptionId},
+
+        [Parameter(Mandatory, HelpMessage='Resource Group of the backup vault')]
+        [System.String]
+        ${ResourceGroupName},
+
+        [Parameter(Mandatory, HelpMessage='Name of the backup vault')]
+        [System.String]
+        ${VaultName},
+
+        [Parameter(Mandatory, HelpMessage='Unique Name of protected backup instance')]
+        [System.String]
+        ${BackupInstanceName},
+
+        [Parameter(Mandatory=$false, HelpMessage='Id of the Policy to be associated with the backup instance')]
+        [System.String]
+        ${PolicyId},
+
+        [Parameter(Mandatory=$false, HelpMessage='List of containers to be backed up inside the VaultStore. Use this parameter for DatasourceType AzureBlob.')]
+        [System.String[]]
+        ${VaultedBackupContainer},        
+
+        [Parameter()]
+        [Alias('AzureRMContext', 'AzureCredential')]
+        [ValidateNotNull()]
+        [System.Management.Automation.PSObject]
+        # The credentials, account, tenant, and subscription used for communication with Azure.
+        ${DefaultProfile},
+    
+        [Parameter(DontShow)]
+        [System.Management.Automation.SwitchParameter]
+        # Wait for .NET debugger to attach
+        ${Break},
+    
+        [Parameter(DontShow)]
+        [ValidateNotNull()]
+        [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Runtime.SendAsyncStep[]]
+        # SendAsync Pipeline Steps to be appended to the front of the pipeline
+        ${HttpPipelineAppend},
+    
+        [Parameter(DontShow)]
+        [ValidateNotNull()]
+        [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Runtime.SendAsyncStep[]]
+        # SendAsync Pipeline Steps to be prepended to the front of the pipeline
+        ${HttpPipelinePrepend},
+    
+        [Parameter(DontShow)]
+        [System.Uri]
+        # The URI for the proxy server to use
+        ${Proxy},
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        # Run the command as a job
+        ${AsJob},
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        # Run the command asynchronously
+        ${NoWait},
+    
+        [Parameter(DontShow)]
+        [ValidateNotNull()]
+        [System.Management.Automation.PSCredential]
+        # Credentials for a proxy server to use for the remote call
+        ${ProxyCredential},
+    
+        [Parameter(DontShow)]
+        [System.Management.Automation.SwitchParameter]
+        # Use the default credentials for the proxy
+        ${ProxyUseDefaultCredentials}
+    )
+
+    process
+    {
+        $hasPolicyId = $PSBoundParameters.Remove("PolicyId")
+        $hasVaultedBackupContainer = $PSBoundParameters.Remove("VaultedBackupContainer")
+
+        $instance = Az.DataProtection\Get-AzDataProtectionBackupInstance @PSBoundParameters
+        
+        if($hasPolicyId){
+            $instance.Property.PolicyInfo.PolicyId = $PolicyId
+        }        
+
+        $DatasourceType =  GetClientDatasourceType -ServiceDatasourceType $instance.Property.DataSourceInfo.Type 
+        # $manifest = LoadManifest -DatasourceType $DatasourceType.ToString()
+        
+        if($hasVaultedBackupContainer){
+
+            if($DatasourceType -ne "AzureBlob"){
+                $err = "Parameter VaultedBackupContainer isn't supported for given Datasource"
+                throw $err
+            }
+
+            # exclude containers which start with $ except $web, $root
+            $unsupportedContainers = $VaultedBackupContainer | Where-Object { $_ -like '$*' -and $_ -ne "`$root" -and $_ -ne "`$web"}
+            if($unsupportedContainers.Count -gt 0){
+                $message = "Following containers are not allowed for configure protection with AzureBlob - $unsupportedContainers. Please remove them and try again."
+                throw $message
+            }
+                        
+            $datasourceParam = $instance.Property.PolicyInfo.PolicyParameter.BackupDatasourceParametersList
+            
+            if($datasourceParam -ne $null -and $datasourceParam[0].ObjectType -eq "BlobBackupDatasourceParameters"){
+                $instance.Property.PolicyInfo.PolicyParameter.BackupDatasourceParametersList[0].ContainersList = $VaultedBackupContainer
+            }
+            elseif($datasourceParam -eq $null){
+                $backupConfiguration = [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20231201.BlobBackupDatasourceParameters]::new()
+                $backupConfiguration.ObjectType = "BlobBackupDatasourceParameters"
+                $backupConfiguration.ContainersList = $VaultedBackupContainer
+
+                $instance.Property.PolicyInfo.PolicyParameter.BackupDatasourceParametersList += @($backupConfiguration)
+            }
+            else{
+                $err = "instance.Property.PolicyInfo.PolicyParameter.BackupDatasourceParametersList is not in proper format."
+                throw $err
+            }
+        }
+
+        # deep validate for update-BI
+        $instance.Property.ValidationType = "DeepValidation"
+
+        $null = $PSBoundParameters.Remove("BackupInstanceName")
+        $null = $PSBoundParameters.Add("Name", $instance.Name)
+        $null = $PSBoundParameters.Add("Parameter", $instance)
+        Az.DataProtection.Internal\New-AzDataProtectionBackupInstance @PSBoundParameters
+    }
+}

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Common/New-AzDataProtectionBackupInstance.ps1 renamed to src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Platform/BackupInstance/New-AzDataProtectionBackupInstance.ps1

@@ -102,13 +102,17 @@
         [Parameter(ParameterSetName="AlternateLocationILR", Mandatory=$false, HelpMessage='Container names for Item Level Recovery.')]
         [System.String[]]
         ${ContainersList},
+                
+        [Parameter(ParameterSetName="AlternateLocationILR", Mandatory=$false, HelpMessage='Use this parameter to filter block blobs by prefix in a container for alternate location ILR. When you specify a prefix, only blobs matching that prefix in the container will be restored. Input for this parameter is a hashtable where each key is a container name and each value is an array of string prefixes for that container.')]
+        [Hashtable]
+        ${PrefixMatch},
 
-        [Parameter(ParameterSetName="OriginalLocationILR", Mandatory=$false, HelpMessage='Minimum matching value for Item Level Recovery.')]
+        [Parameter(ParameterSetName="OriginalLocationILR", Mandatory=$false, HelpMessage='Specify the blob restore start range for PITR. You can use this option to specify the starting range for a subset of blobs in each container to restore. use a forward slash (/) to separate the container name from the blob prefix pattern.')]
         # [Parameter(ParameterSetName="AlternateLocationILR", Mandatory=$false, HelpMessage='Minimum matching value for Item Level Recovery.')]
         [System.String[]]
         ${FromPrefixPattern},
 
-        [Parameter(ParameterSetName="OriginalLocationILR", Mandatory=$false, HelpMessage='Maximum matching value for Item Level Recovery.')]
+        [Parameter(ParameterSetName="OriginalLocationILR", Mandatory=$false, HelpMessage='Specify the blob restore end range for PITR. You can use this option to specify the ending range for a subset of blobs in each container to restore. use a forward slash (/) to separate the container name from the blob prefix pattern.')]
         # [Parameter(ParameterSetName="AlternateLocationILR", Mandatory=$false, HelpMessage='Maximum matching value for Item Level Recovery.')]
         [System.String[]]
         ${ToPrefixPattern},
@@ -257,6 +261,7 @@
             if($DatasourceType -ne "AzureKubernetesService"){ # TODO: remove Datasource dependency
 
                 if(($RecoveryPoint -ne $null) -and ($RecoveryPoint -ne "") -and $ContainersList.length -gt 0){
+                    $hasPrefixMatch = $PSBoundParameters.Remove("PrefixMatch")
                     for($i = 0; $i -lt $ContainersList.length; $i++){
 
                         $restoreCriteria = [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20231201.ItemPathBasedRestoreCriteria]::new()
@@ -265,6 +270,14 @@
                         $restoreCriteria.ItemPath = $ContainersList[$i]
                         $restoreCriteria.IsPathRelativeToBackupItem = $true
 
+                        if($hasPrefixMatch){
+                            $pathPrefix = $PrefixMatch[$ContainersList[$i]]
+                            if($pathPrefix -ne $null -and !($pathPrefix -is [Array])){
+                                throw "values for PrefixMatch must be string array for each container"
+                            }
+                            $restoreCriteria.SubItemPathPrefix = $pathPrefix
+                        }
+
                         # adding a criteria for each container given
                         $restoreCriteriaList += ($restoreCriteria)
                     }

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Platform/BackupInstance/Update-AzDataProtectionBackupInstance.ps1

@@ -152,6 +152,9 @@ Undeletes a soft deleted backup instance
 ### [Unlock-AzDataProtectionResourceGuardOperation](Unlock-AzDataProtectionResourceGuardOperation.md)
 Unlocks the critical operation which is protected by the resource guard
 
+### [Update-AzDataProtectionBackupInstance](Update-AzDataProtectionBackupInstance.md)
+Updates a given backup instance
+
 ### [Update-AzDataProtectionBackupInstanceAssociatedPolicy](Update-AzDataProtectionBackupInstanceAssociatedPolicy.md)
 Updates associated policy for a given backup instance
 

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Common/Update-AzDataProtectionBackupInstanceAssociatedPolicy.ps1 renamed to src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Platform/BackupInstance/Update-AzDataProtectionBackupInstanceAssociatedPolicy.ps1

@@ -48,7 +48,7 @@ This object can now be used to configure backup for the given disk.
 
 ### Example 2: Initialize Backup instance object for AzureKubernetesService
 ```powershell
-$policy = Get-AzDataProtectionBackupPolicy -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -VaultName "vaultName" -ResourceGroupName "resourceGroupName" | where {$_.Name -eq "policyName"}
+$policy = Get-AzDataProtectionBackupPolicy -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -VaultName "vaultName" -ResourceGroupName "resourceGroupName" | Where-Object {$_.Name -eq "policyName"}
 $sourceClusterId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster"
 $snapshotResourceGroupId = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName"
 $backupConfig = New-AzDataProtectionBackupConfigurationClientObject -SnapshotVolume $true -IncludeClusterScopeResource $true -DatasourceType AzureKubernetesService -LabelSelector "x=y","foo=bar" 
@@ -92,7 +92,7 @@ Similarly use datasourcetype AzureDatabaseForMySQL to initialize backup instance
 
 ### -BackupConfiguration
 Backup configuration for backup.
-Use this parameter to configure protection for AzureKubernetesService.
+Use this parameter to configure protection for AzureKubernetesService,AzureBlob.
 To construct, see NOTES section for BACKUPCONFIGURATION properties and create a hash table.
 
 ```yaml

src/DataProtection/DataProtection.Autorest/custom/Cmdlets/Platform/Restore/Initialize-AzDataProtectionRestoreRequest.ps1

@@ -25,7 +25,7 @@ Initialize-AzDataProtectionRestoreRequest -DatasourceType <DatasourceTypes> -Res
 ```
 Initialize-AzDataProtectionRestoreRequest -DatasourceType <DatasourceTypes> -ItemLevelRecovery
  -RestoreLocation <String> -RestoreType <RestoreTargetType> -SourceDataStore <DataStoreType>
- -TargetResourceId <String> [-ContainersList <String[]>] [-RecoveryPoint <String>]
+ -TargetResourceId <String> [-ContainersList <String[]>] [-PrefixMatch <Hashtable>] [-RecoveryPoint <String>]
  [-RestoreConfiguration <KubernetesClusterRestoreCriteria>] [<CommonParameters>]
 ```
 
@@ -250,7 +250,9 @@ Accept wildcard characters: False
 ```
 
 ### -FromPrefixPattern
-Minimum matching value for Item Level Recovery.
+Specify the blob restore start range for PITR.
+You can use this option to specify the starting range for a subset of blobs in each container to restore.
+use a forward slash (/) to separate the container name from the blob prefix pattern.
 
 ```yaml
 Type: System.String[]
@@ -294,6 +296,23 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -PrefixMatch
+Use this parameter to filter block blobs by prefix in a container for alternate location ILR.
+When you specify a prefix, only blobs matching that prefix in the container will be restored.
+Input for this parameter is a hashtable where each key is a container name and each value is an array of string prefixes for that container.
+
+```yaml
+Type: System.Collections.Hashtable
+Parameter Sets: AlternateLocationILR
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -RecoveryPoint
 Id of the recovery point to be restored.
 
@@ -482,7 +501,9 @@ Accept wildcard characters: False
 ```
 
 ### -ToPrefixPattern
-Maximum matching value for Item Level Recovery.
+Specify the blob restore end range for PITR.
+You can use this option to specify the ending range for a subset of blobs in each container to restore.
+use a forward slash (/) to separate the container name from the blob prefix pattern.
 
 ```yaml
 Type: System.String[]