added MSI based Restore (#15519)

re-recorded tests

Author: hiaga

src/RecoveryServices/RecoveryServices.Backup.Helpers/RecoveryServices.Backup.Helpers.csproj

@@ -12,7 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-	<PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.6-preview" />
+	<PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.9-preview" />
     <PackageReference Include="TimeZoneConverter" Version="3.0.0" />
   </ItemGroup>
 

src/RecoveryServices/RecoveryServices.Backup.Models/CmdletParamEnums.cs

@@ -70,7 +70,9 @@ public enum RestoreVMBackupItemParams
         RestoreOnlyOSDisk,
         RestoreAsUnmanagedDisks,
         DiskEncryptionSetId,
-        RestoreAsManagedDisk
+        RestoreAsManagedDisk,
+        UseSystemAssignedIdentity,
+        UserAssignedIdentityId
     }
 
     public enum RestoreFSBackupItemParams

src/RecoveryServices/RecoveryServices.Backup.Models/Properties/Resources.Designer.cs

@@ -652,4 +652,10 @@ Please contact Microsoft for further assistance.</value>
   <data name="MoveReadinessInfoUndefined" xml:space="preserve">
     <value>Move Readiness cannot be checked for given recovery points</value>
   </data>
+  <data name="MSIRestoreNotSupportedForUnmanagedVM" xml:space="preserve">
+    <value>MSI based Restore is only applicable to Managed VM Recovery Points</value>
+  </data>
+  <data name="MultipleMSIProvidedForRestore" xml:space="preserve">
+    <value>MSI based Restore can't use both SystemAssigned and UserAssigned identities</value>
+  </data>
 </root>

src/RecoveryServices/RecoveryServices.Backup.Models/Properties/Resources.resx

@@ -12,7 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-	  <PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.6-preview" />
+	  <PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.9-preview" />
   </ItemGroup>
 
   <ItemGroup>

src/RecoveryServices/RecoveryServices.Backup.Models/RecoveryServices.Backup.Models.csproj

@@ -50,7 +50,7 @@ public class VaultProperty
 
         public EncryptionConfig encryptionProperties { get; set; }
 
-        public VaultProperty(BackupResourceVaultConfig vaultConfig, BackupResourceEncryptionConfigResource vaultEncryptionSetting)
+        public VaultProperty(BackupResourceVaultConfig vaultConfig, BackupResourceEncryptionConfigExtendedResource vaultEncryptionSetting)
         {
             StorageModelType = vaultConfig.StorageModelType;
             StorageType = vaultConfig.StorageType;
@@ -69,10 +69,12 @@ public VaultProperty(BackupResourceVaultConfig vaultConfig, BackupResourceEncryp
             encryptionProperties.Name = vaultEncryptionSetting.Name;
             encryptionProperties.Type = vaultEncryptionSetting.Type;
             encryptionProperties.Location = vaultEncryptionSetting.Location;
+            encryptionProperties.UseSystemAssignedIdentity = vaultEncryptionSetting.Properties.UseSystemAssignedIdentity;
+            encryptionProperties.UserAssignedIdentity = vaultEncryptionSetting.Properties.UserAssignedIdentity;
         }
-    }    
+    }
 
-    public class EncryptionConfig : BackupResourceEncryptionConfig
+    public class EncryptionConfig : BackupResourceEncryptionConfigExtended
     {
         public string Id { get; set; }        
         public string Name { get; set; }

src/RecoveryServices/RecoveryServices.Backup.Models/VaultModels/VaultProperty.cs

@@ -399,7 +399,9 @@ public RestAzureNS.AzureOperationResponse TriggerRestore()
             string rehydrateDuration = ProviderData.ContainsKey(RecoveryPointParams.RehydrateDuration) ?
                 ProviderData[RecoveryPointParams.RehydrateDuration].ToString() : "15";
             string rehydratePriority = ProviderData.ContainsKey(RecoveryPointParams.RehydratePriority) ?
-                ProviderData[RecoveryPointParams.RehydratePriority].ToString() : null;
+                ProviderData[RecoveryPointParams.RehydratePriority].ToString() : null;            
+            bool useSystemAssignedIdentity = (bool)ProviderData[RestoreVMBackupItemParams.UseSystemAssignedIdentity];
+            string userAssignedIdentityId = (string) ProviderData[RestoreVMBackupItemParams.UserAssignedIdentityId];
 
             Dictionary<UriEnums, string> uriDict = HelperUtils.ParseUri(rp.Id);
             string containerUri = HelperUtils.GetContainerUri(uriDict, rp.Id);
@@ -443,7 +445,30 @@ public RestAzureNS.AzureOperationResponse TriggerRestore()
             {
                 restoreDiskLUNS = null;
             }
-            
+
+            // Vanguard M9 requirement: restores using MSI
+            IdentityInfo identityInfo = null;
+            if (useSystemAssignedIdentity || (userAssignedIdentityId != null && userAssignedIdentityId != ""))
+            {
+                if (rp.IsManagedVirtualMachine)
+                {
+                    identityInfo = new IdentityInfo();
+                    if (useSystemAssignedIdentity)
+                    {   
+                        identityInfo.IsSystemAssignedIdentity = true;
+                    }
+                    else
+                    {
+                        identityInfo.IsSystemAssignedIdentity = false;
+                        identityInfo.ManagedIdentityResourceId = userAssignedIdentityId;
+                    }
+                }
+                else
+                {
+                    throw new NotSupportedException(Resources.MSIRestoreNotSupportedForUnmanagedVM);                    
+                }
+            }
+
             IaasVMRestoreRequest restoreRequest = new IaasVMRestoreRequest()
             {
                 CreateNewCloudService = false,
@@ -458,7 +483,8 @@ public RestAzureNS.AzureOperationResponse TriggerRestore()
                 OriginalStorageAccountOption = useOsa,
                 RestoreDiskLunList = restoreDiskLUNS,
                 DiskEncryptionSetId = DiskEncryptionSetId,
-                RestoreWithManagedDisks = restoreWithManagedDisks
+                RestoreWithManagedDisks = restoreWithManagedDisks,
+                IdentityInfo = identityInfo
             };
 
             if(targetZones != null)
@@ -469,6 +495,7 @@ public RestAzureNS.AzureOperationResponse TriggerRestore()
             RestoreRequestResource triggerRestoreRequest = new RestoreRequestResource();
             triggerRestoreRequest.Properties = restoreRequest;
 
+            // Cross Region Restore
             if (useSecondaryRegion)
             {
                 // get access token

src/RecoveryServices/RecoveryServices.Backup.Providers/Providers/IaasVmPsBackupProvider.cs

@@ -12,7 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-	  <PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.6-preview" />
+	<PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.9-preview" />
   </ItemGroup>
 
   <ItemGroup>

src/RecoveryServices/RecoveryServices.Backup.Providers/RecoveryServices.Backup.Providers.csproj

@@ -63,7 +63,7 @@ public BackupResourceConfigResource GetVaultStorageType(string resouceGroupName,
         /// <param name="resouceGroupName">Name of the resouce group</param>  
         /// <param name="vaultName">Name of the vault</param>  
         /// <returns>Azure Resource Encryption response object.</returns>  
-        public BackupResourceEncryptionConfigResource GetVaultEncryptionConfig(string resouceGroupName, string vaultName)
+        public BackupResourceEncryptionConfigExtendedResource GetVaultEncryptionConfig(string resouceGroupName, string vaultName)
         {
             return BmsAdapter.Client.BackupResourceEncryptionConfigs.GetWithHttpMessagesAsync(
                 vaultName, resouceGroupName).Result.Body;

src/RecoveryServices/RecoveryServices.Backup.ServiceClientAdapter/BMSAPIs/VaultAPIs.cs

@@ -13,7 +13,7 @@
 
   <ItemGroup>
 	  <PackageReference Include="Microsoft.Azure.Management.RecoveryServices" Version="4.3.1-preview" />
-	  <PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.6-preview" />
+	  <PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.9-preview" />
 	  <PackageReference Include="System.Configuration.ConfigurationManager" Version="4.4.1" />
   </ItemGroup>
 

src/RecoveryServices/RecoveryServices.Backup.ServiceClientAdapter/RecoveryServices.Backup.ServiceClientAdapter.csproj

@@ -14,7 +14,7 @@
     <PackageReference Include="Microsoft.Azure.Management.Compute" Version="48.0.0" />
     <PackageReference Include="Microsoft.Azure.Management.Network" Version="20.5.0" />
     <PackageReference Include="Microsoft.Azure.Management.RecoveryServices" Version="4.3.1-preview" />
-	<PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.6-preview" />
+	<PackageReference Include="Microsoft.Azure.Management.RecoveryServices.Backup" Version="4.1.9-preview" />
   </ItemGroup>
 
   <ItemGroup>

src/RecoveryServices/RecoveryServices.Backup.Test/RecoveryServices.Backup.Test.csproj

@@ -157,5 +157,14 @@ public void TestAzureVMCrossRegionRestore()
             TestController.NewInstance.RunPsTest(
                 _logger, PsBackupProviderTypes.IaasVm, "Test-AzureVMCrossRegionRestore");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(TestConstants.Workload, TestConstants.AzureVM)]
+        public void TestAzureVMRestoreWithMSI()
+        {
+            TestController.NewInstance.RunPsTest(
+                _logger, PsBackupProviderTypes.IaasVm, "Test-AzureVMRestoreWithMSI");
+        }
     }
 }

src/RecoveryServices/RecoveryServices.Backup.Test/ScenarioTests/IaasVm/ItemTests.cs

@@ -12,6 +12,44 @@
 # limitations under the License.
 # ----------------------------------------------------------------------------------
 
+function Test-AzureVMRestoreWithMSI
+{
+	$location = "centraluseuap"
+	$resourceGroupName = "hiagarg"
+	$vaultName = "hiagaVault"
+	$vmName = "VM;iaasvmcontainerv2;hiagarg;hiagavm"
+	$saName = "hiagasa"
+
+	try
+	{
+		# Setup
+		$vault = Get-AzRecoveryServicesVault -ResourceGroupName $resourceGroupName -Name $vaultName
+		$item = Get-AzRecoveryServicesBackupItem -BackupManagementType AzureVM -WorkloadType AzureVM `
+			-VaultId $vault.ID -Name $vmName
+
+		$backupJob = Backup-Item $vault $item
+		$backupStartTime = $backupJob.StartTime.AddMinutes(-1);
+		$backupEndTime = $backupJob.EndTime.AddMinutes(1);
+		
+		$rp = Get-AzRecoveryServicesBackupRecoveryPoint `
+			-VaultId $vault.ID `
+			-StartDate $backupStartTime `
+			-EndDate $backupEndTime `
+			-Item $item; 		
+
+		$restoreJob1 = Restore-AzRecoveryServicesBackupItem -VaultId $vault.ID -VaultLocation $vault.Location `
+			-RecoveryPoint $rp[0] -StorageAccountName $saName -StorageAccountResourceGroupName `
+			$vault.ResourceGroupName -RestoreOnlyOSDisk -TargetResourceGroupName $vault.ResourceGroupName `
+			-UseSystemAssignedIdentity | Wait-AzRecoveryServicesBackupJob -VaultId $vault.ID
+
+		Assert-True { $restoreJob1.Status -eq "Completed" }   
+	}
+	finally
+	{
+		# no Cleanup		
+	}
+}
+
 function Test-AzureVMCrossRegionRestore
 {
 	$location = "centraluseuap"