Skip to content

[CosmosDB] Onboarding of backup and recovery experience #9745

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
calvinhzy merged 9 commits into from
May 20, 2026
Merged

[CosmosDB] Onboarding of backup and recovery experience #9745

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
5b04042
Onboard AzureCosmosDB datasource type for dataprotection CLI extension
Feb 26, 2026
97158c4
nit
Mar 30, 2026
49f9bc2
fix
Mar 30, 2026
d58b50c
Address PR feedback: commit Cosmos tests and add update-msi-permissio…
May 19, 2026
5663350
Merge branch 'main' of https://github.com/Shashank1306s/azure-cli-ext…
May 19, 2026
b4f29af
Update release version
May 19, 2026
bef1eb9
Potential fix for pull request finding
Shashank1306s May 19, 2026
a587c3c
Merge remote-tracking branch 'upstream/main' into feature/cosmoscli
May 20, 2026
edaa029
Merge branch 'feature/cosmoscli' of https://github.com/Shashank1306s/…
May 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/dataprotection/HISTORY.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@

Release History
===============
1.11.0
++++++
* Added dataprotection support for AzureCosmosDB workload: new manifest (Microsoft.DocumentDB/databaseAccounts), registration in supported datasource types, datasource map, and permission help text. Added end-to-end backup/restore scenario test, unit tests for default policy template, backup-instance initialize, and restore initialize, and an update-msi-permissions live test that grants Reader/Cosmos DB Operator on the data source RG / account.

1.10.0
++++++
* Bumped API version to 2026-03-01 for backup-instance create, update, validate-for-backup, and validate-for-update commands.
Expand Down
99 changes: 99 additions & 0 deletions src/dataprotection/azext_dataprotection/manual/Manifests/AzureCosmosDB.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------

manifest = '''
{
"isProxyResource": false,
"enableDataSourceSetInfo": false,
"resourceType": "Microsoft.DocumentDB/databaseAccounts",
"parentResourceType": "Microsoft.DocumentDB/databaseAccounts",
"datasourceType": "Microsoft.DocumentDB/databaseAccounts",
"allowedRestoreModes": [ "RecoveryPointBased" ],
"allowedRestoreTargetTypes": [ "AlternateLocation" ],
"itemLevelRecoveryEnabled": false,
"addBackupDatasourceParametersList": false,
"backupConfigurationRequired": false,
"addDataStoreParametersList": false,
"friendlyNameRequired": false,
"supportSecretStoreAuthentication": false,
"backupVaultPermissions": [
Copy link
Copy Markdown
Contributor

@zubairabid zubairabid May 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Query: have we tested if the update-msi-permissions command works as expected with this set of permissions?

Copy link
Copy Markdown
Contributor Author

@Shashank1306s Shashank1306s May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[update-msi-permissions] worked end-to-end and the permissions it set were exactly sufficient to complete configure-protection, adhoc-backup, and AlternateLocation restore

{
"roleDefinitionName": "Reader",
"type": "DataSourceRG"
},
{
"roleDefinitionName": "Cosmos DB Operator",
"type": "DataSource"
}
],
"backupVaultRestorePermissions": [
{
"roleDefinitionName": "Cosmos DB Operator",
"type": "DataSource"
}
],
"policySettings": {
"supportedRetentionTags": [ "Weekly", "Monthly", "Yearly" ],
"supportedDatastoreTypes": [ "VaultStore" ],
"disableAddRetentionRule": false,
"disableCustomRetentionTag": false,
"backupScheduleSupported": true,
"supportedBackupFrequency": [ "Weekly" ],
"defaultPolicy": {
"policyRules": [
{
"name": "BackupWeekly",
"objectType": "AzureBackupRule",
"backupParameters": {
"backupType": "full",
"objectType": "AzureBackupParams"
},
"dataStore": {
"dataStoreType": "VaultStore",
"objectType": "DataStoreInfoBase"
},
"trigger": {
"schedule": {
"timeZone": "UTC",
"repeatingTimeIntervals": [ "R/2026-02-08T10:00:00+00:00/P1W" ]
},
"taggingCriteria": [
{
"isDefault": true,
"taggingPriority": 99,
"tagInfo": {
"id": "Default_",
"tagName": "Default"
}
}
],
"objectType": "ScheduleBasedTriggerContext"
}
},
{
"name": "Default",
"objectType": "AzureRetentionRule",
"isDefault": true,
"lifecycles": [
{
"deleteAfter": {
"duration": "P10Y",
"objectType": "AbsoluteDeleteOption"
},
"sourceDataStore": {
"dataStoreType": "VaultStore",
"objectType": "DataStoreInfoBase"
},
"targetDataStoreCopySettings": []
}
]
}
],
"datasourceTypes": [ "Microsoft.DocumentDB/databaseAccounts" ],
"objectType": "BackupPolicy",
"name": "CosmosDBPolicy1"
}
}
}'''
3 changes: 2 additions & 1 deletion src/dataprotection/azext_dataprotection/manual/Manifests/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,5 @@

supported_datasource_types = ["AzureDisk", "AzureBlob", "AzureDataLakeStorage",
"AzureDatabaseForPostgreSQL", "AzureKubernetesService",
"AzureDatabaseForPostgreSQLFlexibleServer", "AzureDatabaseForMySQL"]
"AzureDatabaseForPostgreSQLFlexibleServer", "AzureDatabaseForMySQL",
"AzureCosmosDB"]
12 changes: 11 additions & 1 deletion src/dataprotection/azext_dataprotection/manual/helpers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,8 @@
"AzureDatabaseForPostgreSQL": "Microsoft.DBforPostgreSQL/servers/databases",
"AzureKubernetesService": "Microsoft.ContainerService/managedClusters",
"AzureDatabaseForPostgreSQLFlexibleServer": "Microsoft.DBforPostgreSQL/flexibleServers",
"AzureDatabaseForMySQL": "Microsoft.DBforMySQL/flexibleServers"
"AzureDatabaseForMySQL": "Microsoft.DBforMySQL/flexibleServers",
"AzureCosmosDB": "Microsoft.DocumentDB/databaseAccounts"
}

# This is ideally temporary, as Backup Vault contains secondary region information. But in some cases
Expand Down Expand Up @@ -950,6 +951,8 @@ def get_help_word_from_permission_type(permission_type, datasource_type):
helptext_dsname = "Postgres flexible server"
if datasource_type == 'AzureDatabaseForMySQL':
helptext_dsname = "MySQL server"
if datasource_type == 'AzureCosmosDB':
helptext_dsname = "Cosmos DB account"

return helptext_dsname

Expand Down Expand Up @@ -1056,7 +1059,14 @@ def convert_dict_keys_snake_to_camel(dictionary):
return new_dictionary


_SNAKE_TO_CAMEL_OVERRIDES = {
"resource_id": "resourceID",
}


def convert_string_snake_to_camel(string):
if string in _SNAKE_TO_CAMEL_OVERRIDES:
return _SNAKE_TO_CAMEL_OVERRIDES[string]
new_string = re.sub(r'_([a-z])', lambda m: m.group(1).upper(), string)
return new_string

Expand Down
Loading
Loading