[Dataprotection] az dataprotection backup-instance update-msi-permissions: Fix --operation Restore for --datasource-type AzureCosmosDB#9890
Conversation
az dataprotection backup-instance update-msi-permissions with --datasource-type AzureCosmosDB --operation Restore was raising 'Set permissions for restore is currently not supported for given DataSourceType' because AzureCosmosDB was missing from the allow-list. Add AzureCosmosDB to the allow-list so the command correctly assigns Cosmos DB Operator on the target account to the backup vault MSI. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
️✔️Azure CLI Extensions Breaking Change Test
|
microsoft-github-policy-service
Bot
requested review from
calvinhzy,
evelyn-ys and
yonzhan
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Fixes az dataprotection backup-instance update-msi-permissions --datasource-type AzureCosmosDB --operation Restore by allowing AzureCosmosDB for the Restore operation and bumping the extension version.
Changes:
- Added
AzureCosmosDBto the Restore allow-list used byupdate-msi-permissions. - Bumped extension version to
1.11.1. - Documented the fix in
HISTORY.rst.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/dataprotection/setup.py | Bumps package version to 1.11.1. |
| src/dataprotection/azext_dataprotection/manual/custom.py | Permits AzureCosmosDB for --operation Restore in MSI permission updates. |
| src/dataprotection/HISTORY.rst | Adds release notes for 1.11.1 describing the fix. |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
|
calvinhzy
changed the title
az dataprotection backup-instance update-msi-permissions: Fix --operation Restore for --datasource-type AzureCosmosDB
|
Please add test for this fix. |
…ore MSI permissions Adds test_dataprotection_update_msi_permissions_cosmosdb_restore that verifies update-msi-permissions --operation Restore for AzureCosmosDB correctly assigns Cosmos DB Operator on the target Cosmos DB account. This is the regression test for the fix in custom.py that added AzureCosmosDB to the Restore operation allow-list. Verified live: 1 passed in 154.41s. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
Hi @calvinhzy, added live test that covers this permission assignment change. |
|
[Release] Update index.json for extension [ dataprotection-1.11.1 ] : https://dev.azure.com/msazure/One/_build/results?buildId=165027074&view=results |
Problem
az dataprotection backup-instance update-msi-permissions --datasource-type AzureCosmosDB --operation Restoreraised:This is a bug introduced in #9745 (Cosmos DB onboarding, released as 1.11.0) —
AzureCosmosDBwas not added to the allow-list for theRestoreoperation.Fix
Add
AzureCosmosDBto the allow-list incustom.py(line 552-553) so the command correctly assignsCosmos DB Operatoron the target Cosmos DB account to the backup vault's managed identity.Testing
Tested end-to-end live against subscription
97cda027-4279-4cde-b4ff-19afa0021d87(cosmos-bugbash-CLIrg-5):update-msi-permissions --operation Backupupdate-msi-permissions --operation Restorevalidate-for-restorerestore trigger→ jobChangelog
Version bumped to
1.11.1.