[Backup] az backup restore restore-disks: Add new parameter --cvm-os-des-id to specify the Disk Encryption Set ID to use for OS disk encryption (#31853)

Author: SourabhSomnathGholap

src/azure-cli/azure/cli/command_modules/backup/_params.py

@@ -403,6 +403,7 @@ def load_arguments(self, _):
         c.argument('tenant_id', help='ID of the tenant if the Resource Guard protecting the vault exists in a different tenant.')
         c.argument('disk_access_option', arg_type=get_enum_type(allowed_disk_access_options), help='Specify the disk access option for target disks.')
         c.argument('target_disk_access_id', help='Specify the target disk access ID when --disk-access-option is set to EnablePrivateAccessForAllDisks')
+        c.argument('cvm_os_des_id', options_list=['--cvm-os-des-id', '--cvm-os-disk-encryption-set-id'], help='Specify the Disk Encryption Set ID to use for OS disk encryption during restore of a Confidential VM. This is applicable only for Confidential VMs with managed disks. Please ensure that Disk Encryption Set has access to the Key vault.')
 
     with self.argument_context('backup restore restore-azurefileshare') as c:
         c.argument('resolve_conflict', resolve_conflict_type)

src/azure-cli/azure/cli/command_modules/backup/custom.py

@@ -27,7 +27,8 @@
     BackupResourceVaultConfig, BackupResourceVaultConfigResource, DiskExclusionProperties, ExtendedProperties, \
     MoveRPAcrossTiersRequest, RecoveryPointRehydrationInfo, IaasVMRestoreWithRehydrationRequest, IdentityInfo, \
     BackupStatusRequest, ListRecoveryPointsRecommendedForMoveRequest, IdentityBasedRestoreDetails, ScheduleRunType, \
-    UnlockDeleteRequest, ResourceGuardProxyBase, ResourceGuardProxyBaseResource, TargetDiskNetworkAccessSettings
+    UnlockDeleteRequest, ResourceGuardProxyBase, ResourceGuardProxyBaseResource, TargetDiskNetworkAccessSettings, \
+    SecuredVMDetails
 from azure.mgmt.recoveryservicesbackup.passivestamp.models import CrrJobRequest, CrossRegionRestoreRequest
 
 import azure.cli.command_modules.backup._validators as validators
@@ -1405,7 +1406,7 @@ def restore_disks(cmd, client, resource_group_name, vault_name, container_name,
                   mi_user_assigned=None, target_zone=None, restore_mode='AlternateLocation', target_vm_name=None,
                   target_vnet_name=None, target_vnet_resource_group=None, target_subnet_name=None,
                   target_subscription_id=None, storage_account_resource_group=None, restore_to_edge_zone=None,
-                  tenant_id=None, disk_access_option=None, target_disk_access_id=None):
+                  tenant_id=None, disk_access_option=None, target_disk_access_id=None, cvm_os_des_id=None):
     vault = vaults_cf(cmd.cli_ctx).get(resource_group_name, vault_name)
     vault_location = vault.location
     vault_identity = vault.identity
@@ -1540,6 +1541,11 @@ def restore_disks(cmd, client, resource_group_name, vault_name, container_name,
             cust_help.get_resource_guard_operation_request(
                 cmd.cli_ctx, resource_group_name, vault_name, "RecoveryServicesRestore")]
 
+    if cvm_os_des_id is not None:
+        trigger_restore_request.properties.secured_vm_details = SecuredVMDetails(
+            secured_vmos_disk_encryption_set_id=cvm_os_des_id
+        )
+
     # Trigger restore
     result = client.begin_trigger(vault_name, resource_group_name, fabric_name, container_uri, item_uri, rp_name,
                                   trigger_restore_request, cls=cust_help.get_pipeline_response, polling=False).result()

src/azure-cli/azure/cli/command_modules/backup/custom_base.py

@@ -420,7 +420,8 @@ def restore_disks(cmd, client, resource_group_name, vault_name, container_name,
                   mi_user_assigned=None, target_zone=None, restore_mode='AlternateLocation', target_vm_name=None,
                   target_vnet_name=None, target_vnet_resource_group=None, target_subnet_name=None,
                   target_subscription_id=None, storage_account_resource_group=None, restore_to_edge_zone=None,
-                  tenant_id=None, disk_access_option=None, target_disk_access_id=None):
+                  tenant_id=None, disk_access_option=None, target_disk_access_id=None,
+                  cvm_os_des_id=None):
 
     if rehydration_duration < 10 or rehydration_duration > 30:
         raise InvalidArgumentValueError('--rehydration-duration must have a value between 10 and 30 (both inclusive).')
@@ -438,7 +439,7 @@ def restore_disks(cmd, client, resource_group_name, vault_name, container_name,
                                 mi_system_assigned, mi_user_assigned, target_zone, restore_mode, target_vm_name,
                                 target_vnet_name, target_vnet_resource_group, target_subnet_name,
                                 target_subscription_id, storage_account_resource_group, restore_to_edge_zone,
-                                tenant_id, disk_access_option, target_disk_access_id)
+                                tenant_id, disk_access_option, target_disk_access_id, cvm_os_des_id)
 
 
 def enable_for_azurefileshare(cmd, client, resource_group_name, vault_name, policy_name, storage_account,