def update_policy_for_item(cmd, client, resource_group_name, vault_name, item, policy, tenant_id=None,
is_critical_operation=False):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError(
"""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
container_uri = cust_help.get_protection_container_uri_from_id(item.id)
item_uri = cust_help.get_protected_item_uri_from_id(item.id)
backup_item_type = item_uri.split(';')[0]
if not cust_help.is_sql(backup_item_type) and not cust_help.is_hana(backup_item_type):
raise InvalidArgumentValueError("Item must be either of type SQLDataBase or SAPHanaDatabase.")
item_properties = _get_protected_item_instance(backup_item_type)
item_properties.policy_id = policy.id
param = ProtectedItemResource(properties=item_properties)
if is_critical_operation:
existing_policy_name = item.properties.policy_id.split('/')[-1]
existing_policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name,
existing_policy_name)
if cust_help.is_retention_duration_decreased(existing_policy, policy, "AzureWorkload"):
# update the payload with critical operation and add auxiliary header for cross tenant case
if tenant_id is not None:
client = get_mgmt_service_client(cmd.cli_ctx, RecoveryServicesBackupClient,
aux_tenants=[tenant_id]).protected_items
param.properties.resource_guard_operation_requests = [cust_help.get_resource_guard_operation_request(
cmd.cli_ctx, resource_group_name, vault_name, "updateProtection")]
# Update policy
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, param, cls=cust_help.get_pipeline_response)
return cust_help.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def resume_protection(cmd,
client,
resource_group_name,
vault_name,
container_name,
item_name,
policy_name,
workload_type=None,
backup_management_type=None):
items_client = backup_protected_items_cf(cmd.cli_ctx)
item = show_item(cmd, items_client, resource_group_name, vault_name,
container_name, item_name, backup_management_type,
workload_type)
custom_help.validate_item(item)
if isinstance(item, list):
raise ValidationError(
"Multiple items found. Please give native names instead.")
policy = show_policy(protection_policies_cf(cmd.cli_ctx),
resource_group_name, vault_name, policy_name)
custom_help.validate_policy(policy)
if item.properties.backup_management_type.lower() == "azureiaasvm":
return custom.resume_protection(cmd, client, resource_group_name,
vault_name, item, policy)
if item.properties.backup_management_type.lower() == "azurestorage":
return custom_afs.resume_protection(cmd, client, resource_group_name,
vault_name, item, policy)
if item.properties.backup_management_type.lower() == "azureworkload":
return custom_wl.resume_protection(cmd, client, resource_group_name,
vault_name, item, policy)
return None
def update_policy_for_item(cmd, client, resource_group_name, vault_name, container_name, item_name, policy_name,
container_type="AzureIaasVM", item_type="VM"):
# Client factories
backup_protected_items_client = backup_protected_items_cf(cmd.cli_ctx)
# Get objects from JSON files
item = show_item(cmd, backup_protected_items_client, resource_group_name, vault_name, container_name, item_name,
container_type, item_type)
policy = show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
_validate_policy(policy)
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError(
"""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
# Get container and item URIs
container_uri = _get_protection_container_uri_from_id(item.id)
item_uri = _get_protected_item_uri_from_id(item.id)
# Update policy request
vm_item_properties = _get_vm_item_properties_from_vm_id(item.properties.virtual_machine_id)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = item.properties.source_resource_id
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Update policy
result = sdk_no_wait(True, client.create_or_update,
vault_name, resource_group_name, fabric_name, container_uri, item_uri, vm_item)
return _track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def auto_enable_for_azure_wl(cmd, client, resource_group_name, vault_name, policy_name, protectable_item_name,
protectable_item_type, server_name, workload_type):
policy_object = show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
protectable_items_client = backup_protectable_items_cf(cmd.cli_ctx)
protectable_item = show_protectable_item(cmd, protectable_items_client, resource_group_name, vault_name,
protectable_item_name, server_name, protectable_item_type, workload_type)
return custom_wl.auto_enable_for_azure_wl(client, resource_group_name, vault_name, policy_object,
protectable_item)
def enable_for_AzureFileShare(cmd, client, resource_group_name, vault_name, afs_name,
storage_account_name, policy_name):
# get registered storage accounts
storage_account = None
containers_client = backup_protection_containers_cf(cmd.cli_ctx)
registered_containers = common.list_containers(containers_client, resource_group_name, vault_name, "AzureStorage")
storage_account = _get_storage_account_from_list(registered_containers, storage_account_name)
# get unregistered storage accounts
if storage_account is None:
unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name)
storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name)
if storage_account is None:
# refresh containers in the vault
protection_containers_client = protection_containers_cf(cmd.cli_ctx)
filter_string = helper.get_filter_string({'backupManagementType': "AzureStorage"})
refresh_result = protection_containers_client.refresh(vault_name, resource_group_name, fabric_name,
filter=filter_string, raw=True)
helper.track_refresh_operation(cmd.cli_ctx, refresh_result, vault_name, resource_group_name)
# refetch the protectable containers after refresh
unregistered_containers = list_protectable_containers(cmd.cli_ctx, resource_group_name, vault_name)
storage_account = _get_storage_account_from_list(unregistered_containers, storage_account_name)
if storage_account is None:
raise CLIError("Storage account not found or not supported.")
# register storage account
protection_containers_client = protection_containers_cf(cmd.cli_ctx)
properties = AzureStorageContainer(backup_management_type="AzureStorage",
source_resource_id=storage_account.properties.container_id,
workload_type="AzureFileShare")
param = ProtectionContainerResource(properties=properties)
result = protection_containers_client.register(vault_name, resource_group_name, fabric_name,
storage_account.name, param, raw=True)
helper.track_register_operation(cmd.cli_ctx, result, vault_name, resource_group_name, storage_account.name)
policy = common.show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
helper.validate_policy(policy)
protectable_item = _get_protectable_item_for_afs(cmd.cli_ctx, vault_name, resource_group_name, afs_name,
storage_account)
helper.validate_azurefileshare_item(protectable_item)
container_uri = helper.get_protection_container_uri_from_id(protectable_item.id)
item_uri = helper.get_protectable_item_uri_from_id(protectable_item.id)
item_properties = AzureFileshareProtectedItem()
item_properties.policy_id = policy.id
item_properties.source_resource_id = protectable_item.properties.parent_container_fabric_id
item = ProtectedItemResource(properties=item_properties)
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, item, raw=True)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
def enable_protection_for_vm(cmd, client, resource_group_name, vault_name, vm,
policy_name):
vm_name, vm_rg = _get_resource_name_and_rg(resource_group_name, vm)
vm = virtual_machines_cf(cmd.cli_ctx).get(vm_rg, vm_name)
vault = vaults_cf(cmd.cli_ctx).get(resource_group_name, vault_name)
policy = show_policy(protection_policies_cf(cmd.cli_ctx),
resource_group_name, vault_name, policy_name)
if vm.location.lower() != vault.location.lower():
raise CLIError("""
The VM should be in the same location as that of the Recovery Services vault to enable protection.
""")
if policy.properties.backup_management_type != BackupManagementType.azure_iaas_vm.value:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to protect the workload.
""")
# Get protectable item.
protectable_item = _get_protectable_item_for_vm(cmd.cli_ctx, vault_name,
resource_group_name,
vm_name, vm_rg)
if protectable_item is None:
raise CLIError("""
The specified Azure Virtual Machine Not Found. Possible causes are
1. VM does not exist
2. The VM name or the Service name needs to be case sensitive
3. VM is already Protected with same or other Vault.
Please Unprotect VM first and then try to protect it again.
Please contact Microsoft for further assistance.
""")
# Construct enable protection request object
container_uri = _get_protection_container_uri_from_id(protectable_item.id)
item_uri = _get_protectable_item_uri_from_id(protectable_item.id)
vm_item_properties = _get_vm_item_properties_from_vm_type(vm.type)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = protectable_item.properties.virtual_machine_id
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Trigger enable protection and wait for completion
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
vm_item,
raw=True)
return _track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_policy_for_item(cmd,
client,
resource_group_name,
vault_name,
item,
policy,
tenant_id=None,
is_critical_operation=False):
if item.properties.backup_management_type != policy.properties.backup_management_type:
raise CLIError("""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to update the policy for the workload.
""")
# Get container and item URIs
container_uri = helper.get_protection_container_uri_from_id(item.id)
item_uri = helper.get_protected_item_uri_from_id(item.id)
# Update policy request
afs_item_properties = AzureFileshareProtectedItem()
afs_item_properties.policy_id = policy.id
afs_item_properties.source_resource_id = item.properties.source_resource_id
afs_item = ProtectedItemResource(properties=afs_item_properties)
if is_critical_operation:
existing_policy_name = item.properties.policy_id.split('/')[-1]
existing_policy = common.show_policy(
protection_policies_cf(cmd.cli_ctx), resource_group_name,
vault_name, existing_policy_name)
if helper.is_retention_duration_decreased(existing_policy, policy,
"AzureStorage"):
# update the payload with critical operation and add auxiliary header for cross tenant case
if tenant_id is not None:
client = get_mgmt_service_client(
cmd.cli_ctx,
RecoveryServicesBackupClient,
aux_tenants=[tenant_id]).protected_items
afs_item.properties.resource_guard_operation_requests = [
helper.get_resource_guard_operation_request(
cmd.cli_ctx, resource_group_name, vault_name,
"updateProtection")
]
# Update policy
result = client.create_or_update(vault_name,
resource_group_name,
fabric_name,
container_uri,
item_uri,
afs_item,
cls=helper.get_pipeline_response)
return helper.track_backup_job(cmd.cli_ctx, result, vault_name,
resource_group_name)
def update_policy_for_item(cmd,
client,
resource_group_name,
vault_name,
container_name,
item_name,
policy_name,
workload_type=None,
backup_management_type=None,
tenant_id=None):
items_client = backup_protected_items_cf(cmd.cli_ctx)
item = show_item(cmd, items_client, resource_group_name, vault_name,
container_name, item_name, backup_management_type,
workload_type)
custom_help.validate_item(item)
if isinstance(item, list):
raise ValidationError(
"Multiple items found. Please give native names instead.")
policy = show_policy(protection_policies_cf(cmd.cli_ctx),
resource_group_name, vault_name, policy_name)
custom_help.validate_policy(policy)
is_critical_operation = custom_help.has_resource_guard_mapping(
cmd.cli_ctx, resource_group_name, vault_name, "updateProtection")
if item.properties.backup_management_type.lower() == "azureiaasvm":
return custom.update_policy_for_item(cmd, client, resource_group_name,
vault_name, item, policy,
tenant_id, is_critical_operation)
if item.properties.backup_management_type.lower() == "azurestorage":
return custom_afs.update_policy_for_item(cmd, client,
resource_group_name,
vault_name, item, policy,
tenant_id,
is_critical_operation)
if item.properties.backup_management_type.lower() == "azureworkload":
return custom_wl.update_policy_for_item(cmd, client,
resource_group_name,
vault_name, item, policy,
tenant_id,
is_critical_operation)
return None
def enable_protection_for_vm(cmd, client, resource_group_name, vault_name, vm, policy_name, diskslist=None,
disk_list_setting=None, exclude_all_data_disks=None):
vm_name, vm_rg = _get_resource_name_and_rg(resource_group_name, vm)
vm = virtual_machines_cf(cmd.cli_ctx).get(vm_rg, vm_name)
vault = vaults_cf(cmd.cli_ctx).get(resource_group_name, vault_name)
policy = show_policy(protection_policies_cf(cmd.cli_ctx), resource_group_name, vault_name, policy_name)
# throw error if policy has more than 1000 protected VMs.
if policy.properties.protected_items_count >= 1000:
raise CLIError("Cannot configure backup for more than 1000 VMs per policy")
if vm.location.lower() != vault.location.lower():
raise CLIError(
"""
The VM should be in the same location as that of the Recovery Services vault to enable protection.
""")
if policy.properties.backup_management_type != BackupManagementType.azure_iaas_vm.value:
raise CLIError(
"""
The policy type should match with the workload being protected.
Use the relevant get-default policy command and use it to protect the workload.
""")
# Get protectable item.
protectable_item = _get_protectable_item_for_vm(cmd.cli_ctx, vault_name, resource_group_name, vm_name, vm_rg)
if protectable_item is None:
raise CLIError(
"""
The specified Azure Virtual Machine Not Found. Possible causes are
1. VM does not exist
2. The VM name or the Service name needs to be case sensitive
3. VM is already Protected with same or other Vault.
Please Unprotect VM first and then try to protect it again.
Please contact Microsoft for further assistance.
""")
# Construct enable protection request object
container_uri = _get_protection_container_uri_from_id(protectable_item.id)
item_uri = _get_protectable_item_uri_from_id(protectable_item.id)
vm_item_properties = _get_vm_item_properties_from_vm_type(vm.type)
vm_item_properties.policy_id = policy.id
vm_item_properties.source_resource_id = protectable_item.properties.virtual_machine_id
if disk_list_setting is not None:
if diskslist is None:
raise CLIError("Please provide LUNs of disks that will be included or excluded.")
is_inclusion_list = False
if disk_list_setting == "include":
is_inclusion_list = True
disk_exclusion_properties = DiskExclusionProperties(disk_lun_list=diskslist,
is_inclusion_list=is_inclusion_list)
extended_properties = ExtendedProperties(disk_exclusion_properties=disk_exclusion_properties)
vm_item_properties.extended_properties = extended_properties
elif exclude_all_data_disks:
disk_exclusion_properties = DiskExclusionProperties(disk_lun_list=[],
is_inclusion_list=True)
extended_properties = ExtendedProperties(disk_exclusion_properties=disk_exclusion_properties)
vm_item_properties.extended_properties = extended_properties
vm_item = ProtectedItemResource(properties=vm_item_properties)
# Trigger enable protection and wait for completion
result = client.create_or_update(vault_name, resource_group_name, fabric_name,
container_uri, item_uri, vm_item, raw=True)
return _track_backup_job(cmd.cli_ctx, result, vault_name, resource_group_name)
