def update_policy_for_item(cmd, client, resource_group_name, vault_name, item,
policy):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
# Get container and item URIs
container_uri = helper.get_protection_container_uri_from_id(item.id)
item_uri = helper.get_protected_item_uri_from_id(item.id)
# Update policy request
afs_item_properties = AzureFileshareProtectedItem()
afs_item_properties.policy_id = policy.id
afs_item_properties.source_resource_id = item.properties.source_resource_id
afs_item = ProtectedItemResource(properties=afs_item_properties)
# Update policy
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
afs_item,
raw=True)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, item,
policy):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
item_properties = item.properties
item_properties.policy_id = policy.id
container_uri = cust_help.get_protection_container_uri_from_id(item.id)
item_uri = cust_help.get_protected_item_uri_from_id(item.id)
param = ProtectedItemResource(properties=item_properties)
# Update policy
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
param,
raw=True)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def undelete_protection(cmd, client, resource_group_name, vault_name, item):
container_uri = cust_help.get_protection_container_uri_from_id(item.id)
item_uri = cust_help.get_protected_item_uri_from_id(item.id)
backup_item_type = item_uri.split(';')[0]
if not cust_help.is_sql(backup_item_type) and not cust_help.is_hana(
backup_item_type):
raise ValidationError("""
Item must be either of type SQLDataBase or SAPHanaDatabase.
""")
properties = _get_protected_item_instance(backup_item_type)
properties.protection_state = 'ProtectionStopped'
properties.policy_id = ''
properties.is_rehydrate = True
param = ProtectedItemResource(properties=properties)
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
param,
raw=True)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, item,
policy):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
# throw error if policy has more than 100 protected VMs.
if policy.properties.protected_items_count >= 100:
raise CLIError(
"Cannot configure backup for more than 100 VMs per policy")
# Get container and item URIs
container_uri = _get_protection_container_uri_from_id(item.id)
item_uri = _get_protected_item_uri_from_id(item.id)
# Update policy request
vm_item_properties = _get_vm_item_properties_from_vm_id(
item.properties.virtual_machine_id)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = item.properties.source_resource_id
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Update policy
result = sdk_no_wait(True, client.create_or_update, vault_name,
resource_group_name, fabric_name, container_uri,
item_uri, vm_item)
return _track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, item,
policy):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
container_uri = cust_help.get_protection_container_uri_from_id(item.id)
item_uri = cust_help.get_protected_item_uri_from_id(item.id)
backup_item_type = item_uri.split(';')[0]
if not cust_help.is_sql(backup_item_type) and not cust_help.is_hana(
backup_item_type):
raise InvalidArgumentValueError(
"Item must be either of type SQLDataBase or SAPHanaDatabase.")
item_properties = _get_protected_item_instance(backup_item_type)
item_properties.policy_id = policy.id
param = ProtectedItemResource(properties=item_properties)
# Update policy
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
param,
raw=True)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def disable_protection(cmd, client, resource_group_name, vault_name, item,
delete_backup_data):
container_uri = cust_help.get_protection_container_uri_from_id(item.id)
item_uri = cust_help.get_protected_item_uri_from_id(item.id)
backup_item_type = item_uri.split(';')[0]
if not cust_help.is_sql(backup_item_type) and not cust_help.is_hana(
backup_item_type):
raise CLIError("""
Item must be either of type SQLDataBase or SAPHanaDatabase.
""")
if delete_backup_data:
result = sdk_no_wait(True, client.delete, vault_name,
resource_group_name, fabric_name, container_uri,
item_uri)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
properties = _get_protected_item_instance(backup_item_type)
properties.protection_state = 'ProtectionStopped'
properties.policy_id = ''
param = ProtectedItemResource(properties=properties)
# Trigger disable protection and wait for completion
result = sdk_no_wait(True, client.create_or_update, vault_name,
resource_group_name, fabric_name, container_uri,
item_uri, param)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_policy_for_item(cmd, client, resource_group_name, vault_name, container_name, item_name, policy_name,
container_type="AzureIaasVM", item_type="VM"):
# Client factories
backup_protected_items_client = backup_protected_items_cf(cmd.cli_ctx)
# Get objects from JSON files
item = show_item(cmd, backup_protected_items_client, resource_group_name, vault_name, container_name, item_name,
container_type, item_type)
policy = show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
_validate_policy(policy)
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError(
"""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
# Get container and item URIs
container_uri = _get_protection_container_uri_from_id(item.id)
item_uri = _get_protected_item_uri_from_id(item.id)
# Update policy request
vm_item_properties = _get_vm_item_properties_from_vm_id(item.properties.virtual_machine_id)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = item.properties.source_resource_id
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Update policy
result = sdk_no_wait(True, client.create_or_update,
vault_name, resource_group_name, fabric_name, container_uri, item_uri, vm_item)
return _track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def disable_protection_with_retain_data(self, container_name, protected_item_name, protected_item):
protected_item_resource = ProtectedItemResource(
properties=AzureIaaSComputeVMProtectedItem(source_resource_id=protected_item.virtual_machine_id,
protection_state=ProtectionState.protection_stopped,
)
)
response = self.backup_client.protected_items.create_or_update(
self.vault_name, self.resource_group, self.fabric_name, container_name, protected_item_name,
protected_item_resource, raw=True
)
self._validate_operation_response(response)
job_response = self._get_operation_response(
response,
lambda operation_id: self.backup_client.protected_item_operation_results.get(
self.vault_name, self.resource_group, self.fabric_name, container_name, protected_item_name, operation_id, raw=True,
),
lambda operation_id: self.backup_client.protected_item_operation_statuses.get(
self.vault_name, self.resource_group, self.fabric_name, container_name, protected_item_name, operation_id,
),
)
self.context.assertIsNotNone(job_response.job_id)
return job_response.job_id
def disable_protection(cmd,
client,
resource_group_name,
vault_name,
item,
delete_backup_data=False,
**kwargs):
# Get container and item URIs
container_uri = helper.get_protection_container_uri_from_id(item.id)
item_uri = helper.get_protected_item_uri_from_id(item.id)
# Trigger disable protection and wait for completion
if delete_backup_data:
result = sdk_no_wait(True, client.delete, vault_name,
resource_group_name, fabric_name, container_uri,
item_uri)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
afs_item_properties = AzureFileshareProtectedItem()
afs_item_properties.policy_id = ''
afs_item_properties.protection_state = ProtectionState.protection_stopped
afs_item_properties.source_resource_id = item.properties.source_resource_id
afs_item = ProtectedItemResource(properties=afs_item_properties)
result = sdk_no_wait(True, client.create_or_update, vault_name,
resource_group_name, fabric_name, container_uri,
item_uri, afs_item)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_protection_for_vm(cmd, client, resource_group_name, vault_name, item, diskslist=None,
disk_list_setting=None, exclude_all_data_disks=None):
container_uri = _get_protection_container_uri_from_id(item.id)
item_uri = item.name
vm_type = '/'.join(item.properties.virtual_machine_id.split('/')[-3:-1])
vm_item_properties = _get_vm_item_properties_from_vm_type(vm_type)
vm_item_properties.policy_id = item.properties.policy_id
vm_item_properties.source_resource_id = item.properties.virtual_machine_id
if disk_list_setting is not None:
if disk_list_setting.lower() == "resetexclusionsettings":
disk_exclusion_properties = None
else:
if diskslist is None:
raise CLIError("Please provide LUNs of disks that will be included or excluded.")
is_inclusion_list = False
if disk_list_setting.lower() == "include":
is_inclusion_list = True
disk_exclusion_properties = DiskExclusionProperties(disk_lun_list=diskslist,
is_inclusion_list=is_inclusion_list)
extended_properties = ExtendedProperties(disk_exclusion_properties=disk_exclusion_properties)
vm_item_properties.extended_properties = extended_properties
elif exclude_all_data_disks:
disk_exclusion_properties = DiskExclusionProperties(disk_lun_list=[],
is_inclusion_list=True)
extended_properties = ExtendedProperties(disk_exclusion_properties=disk_exclusion_properties)
vm_item_properties.extended_properties = extended_properties
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Trigger enable protection and wait for completion
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, vm_item, raw=True)
return _track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def enable_protection(self, container_name, protected_item_name,
policy_name):
policy = self.get_policy_with_retries(policy_name)
self.context.assertIsNotNone(policy)
self.client.protection_containers.refresh(
self.vault_name, self.resource_group,
self.test_definition.fabric_name)
protectable_items = self.client.backup_protectable_items.list(
self.vault_name, self.resource_group)
desired_protectable_item = next(
protectable_item for protectable_item in protectable_items if
protectable_item.name.lower() in container_name.lower()).properties
self.context.assertIsNotNone(desired_protectable_item)
protected_item_resource = ProtectedItemResource(
properties=AzureIaaSComputeVMProtectedItem(
policy_id=policy.id,
source_resource_id=desired_protectable_item.virtual_machine_id)
)
response = self.client.protected_items.create_or_update(
self.vault_name,
self.resource_group,
self.fabric_name,
container_name,
protected_item_name,
protected_item_resource,
raw=True)
self._validate_operation_response(response)
job_response = self._get_operation_response(
container_name,
protected_item_name,
response,
lambda operation_id: self.client.protected_item_operation_results.
get(
self.vault_name,
self.resource_group,
self.fabric_name,
container_name,
protected_item_name,
operation_id,
raw=True,
),
lambda operation_id: self.client.protected_item_operation_statuses.
get(
self.vault_name,
self.resource_group,
self.fabric_name,
container_name,
protected_item_name,
operation_id,
),
)
self.context.assertIsNotNone(job_response.job_id)
return job_response.job_id
def _get_disable_protection_request(item):
if item.properties.workload_type == WorkloadType.vm.value:
vm_item_properties = _get_vm_item_properties_from_vm_id(item.properties.virtual_machine_id)
vm_item_properties.policy_id = ''
vm_item_properties.protection_state = ProtectionState.protection_stopped
vm_item_properties.source_resource_id = item.properties.source_resource_id
vm_item = ProtectedItemResource(properties=vm_item_properties)
return vm_item
def enable_for_AzureFileShare(cmd, client, resource_group_name, vault_name, afs_name,
storage_account_name, policy_name):
# get registered storage accounts
storage_account = None
containers_client = backup_protection_containers_cf(cmd.cli_ctx)
registered_containers = common.list_containers(containers_client, resource_group_name, vault_name, "AzureStorage")
storage_account = _get_storage_account_from_list(registered_containers, storage_account_name)
# get unregistered storage accounts
if storage_account is None:
unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name)
storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name)
if storage_account is None:
# refresh containers in the vault
protection_containers_client = protection_containers_cf(cmd.cli_ctx)
filter_string = helper.get_filter_string({'backupManagementType': "AzureStorage"})
refresh_result = protection_containers_client.refresh(vault_name, resource_group_name, fabric_name,
filter=filter_string, raw=True)
helper.track_refresh_operation(cmd.cli_ctx, refresh_result, vault_name, resource_group_name)
# refetch the protectable containers after refresh
unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name)
storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name)
if storage_account is None:
raise CLIError("Storage account not found or not supported.")
# register storage account
protection_containers_client = protection_containers_cf(cmd.cli_ctx)
properties = AzureStorageContainer(backup_management_type="AzureStorage",
source_resource_id=storage_account.properties.container_id,
workload_type="AzureFileShare")
param = ProtectionContainerResource(properties=properties)
result = protection_containers_client.register(vault_name, resource_group_name, fabric_name,
storage_account.name, param, raw=True)
helper.track_register_operation(cmd.cli_ctx, result, vault_name, resource_group_name, storage_account.name)
policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
helper.validate_policy(policy)
protectable_item = _get_protectable_item_for_afs(cmd.cli_ctx, vault_name, resource_group_name, afs_name,
storage_account)
helper.validate_azurefileshare_item(protectable_item)
container_uri = helper.get_protection_container_uri_from_id(protectable_item.id)
item_uri = helper.get_protectable_item_uri_from_id(protectable_item.id)
item_properties = AzureFileshareProtectedItem()
item_properties.policy_id = policy.id
item_properties.source_resource_id = protectable_item.properties.parent_container_fabric_id
item = ProtectedItemResource(properties=item_properties)
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, item, raw=True)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def enable_protection_for_vm(cmd, client, resource_group_name, vault_name, vm,
policy_name):
vm_name, vm_rg = _get_resource_name_and_rg(resource_group_name, vm)
vm = virtual_machines_cf(cmd.cli_ctx).get(vm_rg, vm_name)
vault = vaults_cf(cmd.cli_ctx).get(resource_group_name, vault_name)
policy = show_policy(protection_policies_cf(cmd.cli_ctx),
resource_group_name, vault_name, policy_name)
if vm.location.lower() != vault.location.lower():
raise CLIError("""
The VM should be in the same location as that of the Recovery Services vault to enable protection.
""")
if policy.properties.backup_management_type != BackupManagementType.azure_iaas_vm.value:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to protect the workload.
""")
# Get protectable item.
protectable_item = _get_protectable_item_for_vm(cmd.cli_ctx, vault_name,
resource_group_name,
vm_name, vm_rg)
if protectable_item is None:
raise CLIError("""
The specified Azure Virtual Machine Not Found. Possible causes are
1. VM does not exist
2. The VM name or the Service name needs to be case sensitive
3. VM is already Protected with same or other Vault.
Please Unprotect VM first and then try to protect it again.
Please contact Microsoft for further assistance.
""")
# Construct enable protection request object
container_uri = _get_protection_container_uri_from_id(protectable_item.id)
item_uri = _get_protectable_item_uri_from_id(protectable_item.id)
vm_item_properties = _get_vm_item_properties_from_vm_type(vm.type)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = protectable_item.properties.virtual_machine_id
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Trigger enable protection and wait for completion
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
vm_item,
raw=True)
return _track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def enable_recovery_services_backup():
credentials, subscription_id = get_credentials()
backup_client = RecoveryServicesBackupClient(credentials, subscription_id)
container_name = "iaasvmcontainer;iaasvmcontainerv2;{};{}".format(
az_resource_group_name, az_vm_name)
fabric_name = "Azure"
protected_item_name = "vm;iaasvmcontainerv2;{};{}".format(
az_resource_group_name, az_vm_name)
policy = backup_client.protection_policies.get(
az_recovery_services_vault_name, az_resource_group_name,
az_recovery_services_backup_policy_name)
response = backup_client.protection_containers.refresh(
az_recovery_services_vault_name,
az_resource_group_name,
fabric_name,
raw=True)
_get_operation_response(
response,
lambda operation_id: backup_client.
protection_container_refresh_operation_results.get(
az_recovery_services_vault_name,
az_resource_group_name,
fabric_name,
operation_id,
raw=True,
),
None,
)
iaasvm_odata_filter = "backupManagementType eq '{}'".format('AzureIaasVM')
protectable_items = backup_client.backup_protectable_items.list(
az_recovery_services_vault_name,
az_resource_group_name,
filter=iaasvm_odata_filter,
raw=True)
for protectable_item in protectable_items:
if protectable_item.name.lower() in container_name.lower():
desired_protectable_item = protectable_item.properties
protected_item_resource = ProtectedItemResource(
properties=AzureIaaSComputeVMProtectedItem(
policy_id=policy.id,
source_resource_id=desired_protectable_item.virtual_machine_id))
response = backup_client.protected_items.create_or_update(
az_recovery_services_vault_name,
az_resource_group_name,
fabric_name,
container_name,
protected_item_name,
protected_item_resource,
raw=True)
job_response = _get_operation_response(
response,
lambda operation_id: backup_client.protected_item_operation_results.
get(
az_recovery_services_vault_name,
az_resource_group_name,
fabric_name,
container_name,
protected_item_name,
operation_id,
raw=True,
),
lambda operation_id: backup_client.protected_item_operation_statuses.
get(
az_recovery_services_vault_name,
az_resource_group_name,
fabric_name,
container_name,
protected_item_name,
operation_id,
),
)
wait_for_job_completion(job_response.job_id)
print('Backup enabled for {}'.format(az_vm_name))
exit(0)
def enable_protection_for_vm(cmd, client, resource_group_name, vault_name, vm, policy_name, diskslist=None,
disk_list_setting=None, exclude_all_data_disks=None):
vm_name, vm_rg = _get_resource_name_and_rg(resource_group_name, vm)
vm = virtual_machines_cf(cmd.cli_ctx).get(vm_rg, vm_name)
vault = vaults_cf(cmd.cli_ctx).get(resource_group_name, vault_name)
policy = show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
# throw error if policy has more than 1000 protected VMs.
if policy.properties.protected_items_count >= 1000:
raise CLIError("Cannot configure backup for more than 1000 VMs per policy")
if vm.location.lower() != vault.location.lower():
raise CLIError(
"""
The VM should be in the same location as that of the Recovery Services vault to enable protection.
""")
if policy.properties.backup_management_type != BackupManagementType.azure_iaas_vm.value:
raise CLIError(
"""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to protect the workload.
""")
# Get protectable item.
protectable_item = _get_protectable_item_for_vm(cmd.cli_ctx, vault_name, resource_group_name, vm_name, vm_rg)
if protectable_item is None:
raise CLIError(
"""
The specified Azure Virtual Machine Not Found. Possible causes are
1. VM does not exist
2. The VM name or the Service name needs to be case sensitive
3. VM is already Protected with same or other Vault.
Please Unprotect VM first and then try to protect it again.
Please contact Microsoft for further assistance.
""")
# Construct enable protection request object
container_uri = _get_protection_container_uri_from_id(protectable_item.id)
item_uri = _get_protectable_item_uri_from_id(protectable_item.id)
vm_item_properties = _get_vm_item_properties_from_vm_type(vm.type)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = protectable_item.properties.virtual_machine_id
if disk_list_setting is not None:
if diskslist is None:
raise CLIError("Please provide LUNs of disks that will be included or excluded.")
is_inclusion_list = False
if disk_list_setting == "include":
is_inclusion_list = True
disk_exclusion_properties = DiskExclusionProperties(disk_lun_list=diskslist,
is_inclusion_list=is_inclusion_list)
extended_properties = ExtendedProperties(disk_exclusion_properties=disk_exclusion_properties)
vm_item_properties.extended_properties = extended_properties
elif exclude_all_data_disks:
disk_exclusion_properties = DiskExclusionProperties(disk_lun_list=[],
is_inclusion_list=True)
extended_properties = ExtendedProperties(disk_exclusion_properties=disk_exclusion_properties)
vm_item_properties.extended_properties = extended_properties
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Trigger enable protection and wait for completion
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, vm_item, raw=True)
return _track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)