Merge remote-tracking branch 'upstream/main' into pgnanashekar/neon-code-removal

# Conflicts:
#	src/index.json
#	src/managednetworkfabric/HISTORY.rst
#	src/managednetworkfabric/setup.py

Author: Shekar2004

src/acrcssc/HISTORY.rst

@@ -3,6 +3,10 @@
 Release History
 ===============
 
+1.0.0b7
+++++++++
+* Unpin cssc image version so that the latest cached image in task infra can be automatically picked for workflow runs. This allows us to push patch updates to cssc image without needing to update the task definition and release a new version of the extension.
+
 1.0.0b6
 ++++++++
 * Fix issue with DNL registry names when scheduling tasks

src/acrcssc/azext_acrcssc/templates/task/cssc_patch_image.yaml

@@ -2,7 +2,6 @@ version: v1.1.0
 alias:
   values:
     ScanReport : os-vulnerability-report_trivy_{{ regexReplaceAll "[^a-zA-Z0-9]" .Values.SOURCE_REPOSITORY "-" }}_{{.Values.SOURCE_IMAGE_TAG}}_$(date "+%Y-%m-%d").json
-    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
 steps:
   - id: print-inputs
     cmd: |

src/acrcssc/azext_acrcssc/templates/task/cssc_scan_image.yaml

@@ -3,7 +3,6 @@ alias:
   values:
     patchimagetask: cssc-patch-image
     DATE: $(date "+%Y-%m-%d")
-    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
 steps:
   - id: print-inputs
     cmd: |

src/acrcssc/azext_acrcssc/templates/task/cssc_trigger_workflow.yaml

@@ -2,7 +2,6 @@ version: v1.1.0
 alias:
   values:
     ScanImageAndSchedulePatchTask: cssc-scan-image
-    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
     maxLimit: 100
 steps:
   - cmd: bash -c 'echo "Inside cssc-trigger-workflow task, getting list of images to be patched based on --filter-policy for Registry {{.Run.Registry}}."'

src/acrcssc/azext_acrcssc/templates/tmp_dry_run_template.yaml

@@ -1,7 +1,6 @@
 version: v1.1.0
 alias:
   values:
-    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
     maxLimit: 100
 steps:
   - id: acr-cli-filter

src/acrcssc/setup.py

@@ -13,7 +13,7 @@
     from distutils import log as logger
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
-VERSION = '1.0.0b6'
+VERSION = '1.0.0b7'
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers

src/dataprotection/HISTORY.rst

@@ -2,6 +2,11 @@
 
 Release History
 ===============
+1.9.0
++++++
+* `az dataprotection enable-backup trigger`: New command to enable backup for AKS clusters with a single command. Supports preset backup strategies (Week, Month, DisasterRecovery) and Custom strategy with user-provided configuration.
+* Added vendored SDKs: `azure-mgmt-containerservice` (40.2.0), `azure-mgmt-kubernetesconfiguration` (3.1.0), `azure-mgmt-resourcegraph` (8.0.0).
+
 1.8.1
 +++++
 * Documentation update for `initialize-backupconfig` and `initialize-restoreconfig` commands to clarify that the generated JSON is meant for use with other CLI commands, and may not work as an input for non-CLI scenarios without modification.

src/dataprotection/azext_dataprotection/manual/_consts.py

@@ -0,0 +1,18 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+# AKS Backup Strategy Constants
+CONST_BACKUP_STRATEGY_WEEK = "Week"
+CONST_BACKUP_STRATEGY_MONTH = "Month"
+CONST_BACKUP_STRATEGY_DISASTER_RECOVERY = "DisasterRecovery"
+CONST_BACKUP_STRATEGY_CUSTOM = "Custom"
+
+# List of all backup strategies for AKS
+CONST_AKS_BACKUP_STRATEGIES = [
+    CONST_BACKUP_STRATEGY_WEEK,
+    CONST_BACKUP_STRATEGY_MONTH,
+    CONST_BACKUP_STRATEGY_DISASTER_RECOVERY,
+    CONST_BACKUP_STRATEGY_CUSTOM,
+]

src/dataprotection/azext_dataprotection/manual/_help.py

@@ -291,3 +291,67 @@
       - name: List of Recovery Points in a Vault
         text: az dataprotection recovery-point list --backup-instance-name "sample_biname-00000000-0000-0000-0000-000000000000" --resource-group "sample_rg" --vault-name "sample_vault"
 """
+
+helps['dataprotection enable-backup'] = """
+    type: group
+    short-summary: Enable backup for Azure resources.
+"""
+
+helps['dataprotection enable-backup trigger'] = """
+    type: command
+    short-summary: Enable backup for an AKS cluster by setting up all required resources including backup vault, policy, storage account, extension, and trusted access.
+    long-summary: |
+        This command orchestrates all the steps required to enable backup for an AKS cluster:
+          1. Creates or reuses a backup resource group, storage account, and blob container
+          2. Installs the backup extension on the cluster (or reuses an existing one)
+          3. Creates or reuses a backup vault and backup policy
+          4. Configures trusted access and role assignments
+          5. Creates a backup instance
+
+        The --backup-configuration-file parameter accepts a JSON file (@file.json) or inline JSON string with the following optional settings:
+          - storageAccountResourceId: ARM ID of an existing storage account to use
+          - blobContainerName: Name of an existing blob container (used with storageAccountResourceId)
+          - backupResourceGroupId: ARM ID of an existing resource group for backup resources
+          - backupVaultId: ARM ID of an existing backup vault (required for Custom strategy)
+          - backupPolicyId: ARM ID of an existing backup policy (required for Custom strategy)
+          - tags: Dictionary of tags to apply to created resources (e.g., {"Owner": "team", "Env": "prod"})
+
+        Backup strategy presets (--backup-strategy):
+          - Week (default): Daily incremental backups with 7-day retention in Operational Store.
+          - Month: Daily incremental backups with 30-day retention in Operational Store.
+          - DisasterRecovery: Daily incremental backups with 7-day Operational Store + 90-day Vault Store retention. FirstOfDay backups are copied to Vault Store for cross-region restore.
+          - Custom: Bring your own vault and policy. Requires backupVaultId and backupPolicyId in --backup-configuration-file.
+    examples:
+      - name: Enable backup for an AKS cluster with default Week strategy
+        text: az dataprotection enable-backup trigger --datasource-type AzureKubernetesService --datasource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ContainerService/managedClusters/{cluster}
+      - name: Enable backup with Month strategy
+        text: az dataprotection enable-backup trigger --datasource-type AzureKubernetesService --datasource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ContainerService/managedClusters/{cluster} --backup-strategy Month
+      - name: Enable backup with Custom strategy using existing vault and policy
+        text: |
+            az dataprotection enable-backup trigger --datasource-type AzureKubernetesService \\
+              --datasource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ContainerService/managedClusters/{cluster} \\
+              --backup-strategy Custom \\
+              --backup-configuration-file @config.json
+
+            Where config.json contains:
+            {
+              "backupVaultId": "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.DataProtection/backupVaults/{vault}",
+              "backupPolicyId": "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.DataProtection/backupVaults/{vault}/backupPolicies/{policy}"
+            }
+      - name: Enable backup with resource tags for policy compliance
+        text: |
+            az dataprotection enable-backup trigger --datasource-type AzureKubernetesService \\
+              --datasource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ContainerService/managedClusters/{cluster} \\
+              --backup-configuration-file '{"tags": {"Owner": "team", "Environment": "prod", "DeleteBy": "2026-12"}}'
+      - name: Enable backup using an existing storage account
+        text: |
+            az dataprotection enable-backup trigger --datasource-type AzureKubernetesService \\
+              --datasource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ContainerService/managedClusters/{cluster} \\
+              --backup-configuration-file @config.json
+
+            Where config.json contains:
+            {
+              "storageAccountResourceId": "/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{sa}",
+              "blobContainerName": "my-backup-container"
+            }
+"""

src/dataprotection/azext_dataprotection/manual/_params.py

@@ -42,7 +42,8 @@
     get_permission_scope_values,
     get_resource_type_values,
     get_persistent_volume_restore_mode_values,
-    get_conflict_policy_values
+    get_conflict_policy_values,
+    get_all_backup_strategies,
 )
 
 vault_name_type = CLIArgumentType(help='Name of the backup vault.', options_list=['--vault-name', '-v'], type=str)
@@ -182,6 +183,27 @@ def load_arguments(self, _):
         c.argument('restore_request_object', type=validate_file_or_dict, help='Request body for operation "Restore" Expected value: '
                    'json-string/@json-file. Required when --operation is Restore')
 
+    # Enable Backup command
+    with self.argument_context('dataprotection enable-backup trigger') as c:
+        c.argument('datasource_type', type=str, help="The type of datasource to be backed up. Supported values: AzureKubernetesService.")
+        c.argument('datasource_id', type=str, help="The full ARM resource ID of the datasource to be backed up.")
+        c.argument('backup_strategy', arg_type=get_enum_type(get_all_backup_strategies()),
+                   help="Backup strategy preset (daily incremental backups). "
+                        "For AzureKubernetesService: "
+                        "Week (7-day operational store retention), "
+                        "Month (30-day operational store retention), "
+                        "DisasterRecovery (7-day operational + 90-day vault store retention), "
+                        "Custom (bring your own vault/policy). Default: Week.")
+        c.argument('backup_configuration_file', type=validate_file_or_dict,
+                   options_list=['--backup-configuration-file', '-f'],
+                   help="Path to a JSON backup configuration file. "
+                        "Supports backupVaultId and backupPolicyId "
+                        "(required for Custom strategy). "
+                        "For workload-specific settings, "
+                        "refer to the documentation.")
+        c.argument('yes', options_list=['--yes', '-y'], action='store_true',
+                   help='Do not prompt for confirmation.')
+
     with self.argument_context('dataprotection job show') as c:
         c.argument('resource_group_name', resource_group_name_type)
         c.argument('vault_name', vault_name_type, id_part='name')