Added support for enabling Disk access settings for managed VM restores (#26504)

Updated help
Updated changelog
Added test case

Author: hiaga

src/RecoveryServices/RecoveryServices.Backup.Helpers/Conversions/RecoveryPointConversions.cs

@@ -367,6 +367,7 @@ public static RecoveryPointBase GetPSAzureVMRecoveryPoint(
                 Zones = recoveryPoint.Zones,
                 RehydrationExpiryTime = (DateTime?)null,
                 ExtendedLocation = recoveryPoint.ExtendedLocation,
+                IsPrivateAccessEnabledOnAnyDisk = recoveryPoint.IsPrivateAccessEnabledOnAnyDisk
             };
 
             if (recoveryPoint.RecoveryPointTierDetails != null)

src/RecoveryServices/RecoveryServices.Backup.Models/AzureVmModels/AzureVmRecoveryPoint.cs

@@ -42,7 +42,7 @@ public class AzureVmRecoveryPoint : AzureRecoveryPoint
         /// Identifies whether this recovery point represents 
         /// an encrypted VM at the time of backup.
         /// </summary>
-        public bool EncryptionEnabled { get; set; }
+        public bool EncryptionEnabled { get; set; }        
 
         /// <summary>
         /// Identifies whether an ILR session is already active 
@@ -93,6 +93,12 @@ public class AzureVmRecoveryPoint : AzureRecoveryPoint
         /// </summary>        
         public ExtendedLocation ExtendedLocation { get; set; }
 
+        /// <summary>
+        /// Identifies whether any of the disks in the VM are using
+        /// Private access network setting
+        /// </summary>
+        public bool? IsPrivateAccessEnabledOnAnyDisk { get; set; }
+
         public AzureVmRecoveryPoint()
         {
 

src/RecoveryServices/RecoveryServices.Backup.Models/CmdletParamEnums.cs

@@ -85,7 +85,9 @@ public enum RestoreVMBackupItemParams
         TargetVNetResourceGroup,
         TargetSubnetName,
         TargetSubscriptionId,
-        RestoreToEdgeZone
+        RestoreToEdgeZone,
+        DiskAccessOption,
+        TargetDiskAccessId
     }
 
     public enum RestoreFSBackupItemParams

src/RecoveryServices/RecoveryServices.Backup.Providers/Providers/IaasVmPsBackupProvider.cs

@@ -507,7 +507,8 @@ public RestAzureNS.AzureOperationResponse TriggerRestore()
             bool restoreToEdgeZone = (bool)ProviderData[RestoreVMBackupItemParams.RestoreToEdgeZone];
             string auxiliaryAccessToken = ProviderData.ContainsKey(ResourceGuardParams.Token) ? (string)ProviderData[ResourceGuardParams.Token] : null;
             bool isMUAOperation = ProviderData.ContainsKey(ResourceGuardParams.IsMUAOperation) ? (bool)ProviderData[ResourceGuardParams.IsMUAOperation] : false;
-
+            ServiceClientModel.TargetDiskNetworkAccessOption? diskAccessOption = ProviderData.ContainsKey(RestoreVMBackupItemParams.DiskAccessOption) ? (ServiceClientModel.TargetDiskNetworkAccessOption?)ProviderData[RestoreVMBackupItemParams.DiskAccessOption] : null;
+            string targetDiskAccessId = ProviderData.ContainsKey(RestoreVMBackupItemParams.TargetDiskAccessId) ? (string)ProviderData[RestoreVMBackupItemParams.TargetDiskAccessId] : null;
 
             Dictionary<UriEnums, string> uriDict = HelperUtils.ParseUri(rp.Id);
             string containerUri = HelperUtils.GetContainerUri(uriDict, rp.Id);
@@ -629,6 +630,17 @@ public RestAzureNS.AzureOperationResponse TriggerRestore()
                 restoreRequest.ExtendedLocation = rp.ExtendedLocation;
             }
 
+            if (diskAccessOption != null)
+            {
+                restoreRequest.TargetDiskNetworkAccessSettings = new TargetDiskNetworkAccessSettings();
+                restoreRequest.TargetDiskNetworkAccessSettings.TargetDiskNetworkAccessOption = diskAccessOption;
+
+                if(!string.IsNullOrEmpty(targetDiskAccessId))
+                {
+                    restoreRequest.TargetDiskNetworkAccessSettings.TargetDiskAccessId = targetDiskAccessId;
+                }                
+            }
+
             if (restoreType == "OriginalLocation") // replace existing
             {
                 restoreRequest.RecoveryType = RecoveryType.OriginalLocation;

src/RecoveryServices/RecoveryServices.Backup.Test/ScenarioTests/IaasVm/ItemTests.cs

@@ -315,5 +315,17 @@ public void TestAzureVaultSoftDelete()
                 "Test-AzureVaultSoftDelete"
             );
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        [Trait(TestConstants.Workload, TestConstants.AzureVM)]
+        public void TestAzurePERestore()
+        {
+            TestRunner.RunTestScript(
+                $"Import-Module {_IaasVmcommonModule.AsAbsoluteLocation()}",
+                $"Import-Module {_IaasVmtestModule.AsAbsoluteLocation()}",
+                "Test-AzurePERestore"
+            );
+        }
     }
 }

src/RecoveryServices/RecoveryServices.Backup.Test/ScenarioTests/IaasVm/ItemTests.ps1

@@ -12,6 +12,41 @@
 # limitations under the License.
 # ----------------------------------------------------------------------------------
 
+function Test-AzurePERestore
+{
+	$location = "eastus2euap"
+	$resourceGroupName = "arpja"
+	$vaultName = "arpja-pe-e2e-validation-vault"
+	$vmName = "peval-ecy-win44"
+	$subId = "f2edfd5d-5496-4683-b94f-b3588c579009"
+	$subName = "sriramsa-IaaSVmBackup Canary Subscription"
+	$saName = "arpjapevalrestoresa"
+	$targetVMName = "ps-diskaccess"
+	$targetVNetName = "arpjavnet238"
+	$targetVNetRG = "arpja"
+	$targetSubnetName = "default"
+	$recoveryPointId = "252905611419763" # latest recovery point
+	$targetDiskAccessId = "/subscriptions/f2edfd5d-5496-4683-b94f-b3588c579009/resourceGroups/arpja/providers/Microsoft.Compute/diskAccesses/arpja-peval-restore-da"
+
+	try
+	{	
+		# Setup
+		$vault = Get-AzRecoveryServicesVault -ResourceGroupName $resourceGroupName -Name $vaultName
+		$item = Get-AzRecoveryServicesBackupItem -BackupManagementType AzureVM -WorkloadType AzureVM `
+			-VaultId $vault.ID | Where-Object { $_.Name -match $vmName }
+
+		$rp = Get-AzRecoveryServicesBackupRecoveryPoint -Item $item[0] -VaultId $vault.ID -RecoveryPointId $recoveryPointId
+		
+		$diskAccessRestoreJob = Restore-AzRecoveryServicesBackupItem -VaultLocation $vault.Location -RecoveryPoint $rp[0] -StorageAccountName $saName -StorageAccountResourceGroupName $vault.ResourceGroupName -TargetResourceGroupName $vault.ResourceGroupName -TargetVMName $targetVMName -TargetVNetName $targetVNetName -TargetVNetResourceGroup $targetVNetRG -TargetSubnetName $targetSubnetName -VaultId $vault.Id -DiskAccessOption EnablePrivateAccessForAllDisks -TargetDiskAccessId $targetDiskAccessId | Wait-AzRecoveryServicesBackupJob -VaultId $vault.ID
+		
+		Assert-True { $diskAccessRestoreJob.Status -eq "Completed" }
+	}
+	finally
+	{
+		Delete-VM $resourceGroupName $targetVMName
+	}
+}
+
 function Test-AzureVaultSoftDelete
 {	
 	$resourceGroupName = "hiagarg"

src/RecoveryServices/RecoveryServices.Backup.Test/SessionRecords/Microsoft.Azure.Commands.RecoveryServices.Backup.Test.ScenarioTests.ItemTests/TestAzurePERestore.json

@@ -328,6 +328,19 @@ public class RestoreAzureRmRecoveryServicesBackupItem : RSBackupVaultCmdletBase
         [Parameter(Mandatory = false, HelpMessage = ParamHelpMsgs.ResourceGuard.AuxiliaryAccessToken, ValueFromPipeline = false)]        
         public string Token;
 
+        [Parameter(Mandatory = false, ParameterSetName = AzureManagedVMCreateNewParameterSet,
+            HelpMessage = ParamHelpMsgs.RestoreVM.DiskAccessOption)]        
+        [Parameter(Mandatory = false, ParameterSetName = AzureManagedVMReplaceExistingParameterSet,
+            HelpMessage = ParamHelpMsgs.RestoreVM.DiskAccessOption)]
+        public ServiceClientModel.TargetDiskNetworkAccessOption?  DiskAccessOption { get; set; }
+
+        [Parameter(Mandatory = false, ParameterSetName = AzureManagedVMCreateNewParameterSet,
+            HelpMessage = ParamHelpMsgs.RestoreVM.TargetDiskAccessId)]
+        [Parameter(Mandatory = false, ParameterSetName = AzureManagedVMReplaceExistingParameterSet,
+            HelpMessage = ParamHelpMsgs.RestoreVM.TargetDiskAccessId)]
+        [ValidatePattern(@"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft.Compute/diskAccesses/[^/]+$")]
+        public string TargetDiskAccessId { get; set; }
+
         public override void ExecuteCmdlet()
         {
             ExecutionBlock(() =>
@@ -430,6 +443,43 @@ public override void ExecuteCmdlet()
                     }
                 }
 
+                if (DiskAccessOption != null)
+                {
+                    AzureVmRecoveryPoint rp = (AzureVmRecoveryPoint)RecoveryPoint;
+                    if (!(bool)rp.IsPrivateAccessEnabledOnAnyDisk)
+                    {
+                        throw new ArgumentException("DiskAccessOption parameter can't be provided since private access is not enabled in given recovery point");
+                    }
+
+                    if (DiskAccessOption == ServiceClientModel.TargetDiskNetworkAccessOption.EnablePrivateAccessForAllDisks)
+                    {
+                        if (string.IsNullOrEmpty(TargetDiskAccessId))
+                        {
+                            throw new ArgumentException("TargetDiskAccessId must be provided when DiskAccessOption is set to EnablePrivateAccessForAllDisks.");
+                        }                        
+                    }
+                    else if (RestoreToSecondaryRegion.IsPresent && DiskAccessOption == ServiceClientModel.TargetDiskNetworkAccessOption.SameAsOnSourceDisks)
+                    {
+                        throw new ArgumentException("Given DiskAccessOption isn't applicable to cross region restore");
+                    }
+                    else if (!string.IsNullOrEmpty(TargetDiskAccessId))
+                    {
+                        throw new ArgumentException("TargetDiskAccessId can't be provided for the given DiskAccessOption.");
+                    }
+
+                    providerParameters.Add(RestoreVMBackupItemParams.DiskAccessOption, DiskAccessOption);
+                    providerParameters.Add(RestoreVMBackupItemParams.TargetDiskAccessId, TargetDiskAccessId);
+                }
+                else if (string.Equals(this.ParameterSetName, AzureManagedVMCreateNewParameterSet, StringComparison.Ordinal) ||
+                        string.Equals(this.ParameterSetName, AzureManagedVMReplaceExistingParameterSet, StringComparison.Ordinal))
+                {
+                    AzureVmRecoveryPoint rp = (AzureVmRecoveryPoint)RecoveryPoint;
+                    if ((bool)rp.IsPrivateAccessEnabledOnAnyDisk)
+                    {
+                        throw new ArgumentException("DiskAccessOption parameter must be provided since private access is enabled in given recovery point");
+                    }
+                }
+
                 if (TargetZoneNumber != null)
                 {   
                     // get storage type 

src/RecoveryServices/RecoveryServices.Backup/Cmdlets/Restore/RestoreAzureRMRecoveryServicesBackupItem.cs

@@ -181,6 +181,8 @@ internal static class RestoreVM
             public const string TargetVNetResourceGroup = "Name of the resource group which contains the target VNet, in the case of Alternate Location restore to a new VM";
             public const string TargetSubnetName = "Name of the subnet in which the target VM should be created, in the case of Alternate Location restore to a new VM";
             public const string TargetSubscriptionId = "ID of the target subscription to which the resource should be restored. Use this parameter for Cross subscription restore";
+            public const string DiskAccessOption = "Specifies the disk access option for target disks";
+            public const string TargetDiskAccessId = "Specifies the target disk access ID when DiskAccessOption set to EnablePrivateAccessForAllDisks";
         }
 
         internal static class RestoreFS

src/RecoveryServices/RecoveryServices.Backup/ParamHelpMsgs.cs

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added support for enabling Disk access settings for managed VM restores.
 
 ## Version 7.2.0
 * Fixed bug for making RecoveryAzureStorageAccountId parameter optional in `New-ASRReplicationProtectedItem` cmdlet of H2A.
@@ -27,7 +28,7 @@
 * Added additional properties to the output of Get-AzRecoveryServicesVault cmdlet - MoveDetails, MoveState, RedundancySettings, SecureScore, BcdrSecurityLevel, EncryptionProperty.
 
 ## Version 7.0.0
-* [Breaking Change] Renamed the property `ResouceType` of `ASRVaultSettings` to `ResourceType`. 
+* [Breaking Change] Renamed the property `ResouceType` of `ASRVaultSettings` to `ResourceType`.
 
 ## Version 6.9.0
 * Added support for MUA for disabling vault Immutability, increasing RPO for policy schedule, restore, stop protection with retain data.