Azure · Nickcandy · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024
diff --git a/src/DataProtection/DataProtection.Autorest/README.md b/src/DataProtection/DataProtection.Autorest/README.md
@@ -450,6 +450,9 @@ directive:
   - from: source-file-csharp
     where: $
     transform: $ = $.replace('internal Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.IAzureBackupRecoveryPoint Property', 'public Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.IAzureBackupRecoveryPoint Property');
+  - from: source-file-csharp
+    where: $
+    transform: $ = $.replace('internal Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.INamespacedNameResource ResourceModifierReference', 'public Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.INamespacedNameResource ResourceModifierReference');
 ```
 
 ## Alternate settings

diff --git a/src/DataProtection/DataProtection.Autorest/build-module.ps1 b/src/DataProtection/DataProtection.Autorest/build-module.ps1
@@ -12,7 +12,7 @@
 # Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code
 # is regenerated.
 # ----------------------------------------------------------------------------------
-param([switch]$Isolated, [switch]$Run, [switch]$Test, [switch]$Docs, [switch]$Pack, [switch]$Code, [switch]$Release, [switch]$Debugger, [switch]$NoDocs)
+param([switch]$Isolated, [switch]$Run, [switch]$Test, [switch]$Docs, [switch]$Pack, [switch]$Code, [switch]$Release, [switch]$Debugger, [switch]$NoDocs, [Switch]$DisableAfterBuildTasks)
 $ErrorActionPreference = 'Stop'
 
 if($PSEdition -ne 'Core') {
@@ -67,6 +67,8 @@ if(-not $Isolated -and -not $Debugger) {
 $binFolder = Join-Path $PSScriptRoot 'bin'
 $objFolder = Join-Path $PSScriptRoot 'obj'
 
+$isAzure = [System.Convert]::ToBoolean('true')
+
 if(-not $Debugger) {
   Write-Host -ForegroundColor Green 'Cleaning build folders...'
   $null = Remove-Item -Recurse -ErrorAction SilentlyContinue -Path $binFolder, $objFolder
@@ -143,7 +145,7 @@ if($NoDocs) {
     $null = Get-ChildItem -Path $docsFolder -Recurse -Exclude 'README.md' | Remove-Item -Recurse -ErrorAction SilentlyContinue
   }
   $null = New-Item -ItemType Directory -Force -Path $docsFolder
-  $addComplexInterfaceInfo = ![System.Convert]::ToBoolean('true')
+  $addComplexInterfaceInfo = !$isAzure
   Export-ProxyCmdlet -ModuleName $moduleName -ModulePath $modulePaths -ExportsFolder $exportsFolder -InternalFolder $internalFolder -ModuleDescription $moduleDescription -DocsFolder $docsFolder -ExamplesFolder $examplesFolder -ModuleGuid $guid -AddComplexInterfaceInfo:$addComplexInterfaceInfo
 }
 
@@ -169,4 +171,13 @@ if (Test-Path (Join-Path $PSScriptRoot 'generate-portal-ux.ps1'))
   . (Join-Path $PSScriptRoot 'generate-portal-ux.ps1')
 }
 
-Write-Host -ForegroundColor Green '-------------Done-------------'
+if (-not $DisableAfterBuildTasks){
+  $afterBuildTasksPath = Join-Path $PSScriptRoot ''
+  $afterBuildTasksArgs = ConvertFrom-Json 'true' -AsHashtable
+  if(Test-Path -Path $afterBuildTasksPath -PathType leaf){
+    Write-Host -ForegroundColor Green 'Running after build tasks...'
+    . $afterBuildTasksPath @afterBuildTasksArgs
+  }
+}
+
+Write-Host -ForegroundColor Green '-------------Done-------------'
diff --git a/...otection.Autorest/custom/Cmdlets/Common/Unlock-AzDataProtectionResourceGuardOperation.ps1 b/...otection.Autorest/custom/Cmdlets/Common/Unlock-AzDataProtectionResourceGuardOperation.ps1
@@ -27,10 +27,14 @@ function Unlock-AzDataProtectionResourceGuardOperation
         [System.String]
         ${ResourceToBeDeleted},
 
-        [Parameter(ParameterSetName="UnlockDelete", Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant.')]
+        [Parameter(ParameterSetName="UnlockDelete", Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch secure authorization token for different tenant and then convert to string using ConvertFrom-SecureString cmdlet.')]
         [System.String]
         ${Token},
 
+        [Parameter(ParameterSetName="UnlockDelete", Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch authorization token for different tenant.')]
+        [System.Security.SecureString]
+        ${SecureToken},
+
         [Parameter()]
         [Alias('AzureRMContext', 'AzureCredential')]
         [ValidateNotNull()]
@@ -103,10 +107,21 @@ function Unlock-AzDataProtectionResourceGuardOperation
             $null = $PSBoundParameters.Add("ResourceGuardOperationRequest", $ResourceGuardOperationRequestInternal)
         }
 
-        if($PSBoundParameters.ContainsKey("Token"))
-        {            
-            $null = $PSBoundParameters.Remove("Token")
-            $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+        $hasToken = $PSBoundParameters.Remove("Token")
+        $hasSecureToken = $PSBoundParameters.Remove("SecureToken")
+        if($hasToken -or $hasSecureToken)
+        {   
+            if($hasSecureToken -and $hasToken){
+                throw "Both Token and SecureToken parameters cannot be provided together"
+            }
+            elseif($hasToken){
+                Write-Warning -Message 'The Token parameter is deprecated and will be removed in future versions. Please use SecureToken instead.'
+                $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+            }
+            else{
+                $plainToken = UnprotectSecureString -SecureString $SecureToken
+                $null = $PSBoundParameters.Add("Token", "Bearer $plainToken")
+            }
         }
 
         Az.DataProtection.Internal\Unlock-AzDataProtectionDppResourceGuardProxyDelete @PSBoundParameters

diff --git a/...rest/custom/Cmdlets/Platform/BackupInstance/Initialize-AzDataProtectionBackupInstance.ps1 b/...rest/custom/Cmdlets/Platform/BackupInstance/Initialize-AzDataProtectionBackupInstance.ps1
@@ -1,7 +1,4 @@
-
-
-
-function Initialize-AzDataProtectionBackupInstance {
+function Initialize-AzDataProtectionBackupInstance {
     [OutputType('Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.IBackupInstanceResource')]
     [CmdletBinding(PositionalBinding=$false)]
     [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Description('Initializes Backup instance Request object for configuring backup')]
@@ -156,7 +153,7 @@ function Initialize-AzDataProtectionBackupInstance {
 
             if($BackupConfiguration -ne $null){
                 $backupInstanceResource.Property.PolicyInfo.PolicyParameter.BackupDatasourceParametersList += @($BackupConfiguration)
-            }            
+            }
         }
         elseif($ExcludedResourceType -ne $null -or $IncludedResourceType -ne $null -or $ExcludedNamespace -ne $null -or $IncludedNamespace -ne $null -or $LabelSelector -ne $null -or $SnapshotVolume -ne $null -or $IncludeClusterScopeResource -ne $null){
             $errormsg = "ExcludedResourceType, IncludedResourceType, ExcludedNamespace, IncludedNamespace, LabelSelector, SnapshotVolume, IncludeClusterScopeResource parameters are not applicable for given DatasourceType. Please ensure to remove them"

diff --git a/.../custom/Cmdlets/Platform/BackupInstance/Stop-AzDataProtectionBackupInstanceProtection.ps1 b/.../custom/Cmdlets/Platform/BackupInstance/Stop-AzDataProtectionBackupInstanceProtection.ps1
@@ -31,10 +31,14 @@ function Stop-AzDataProtectionBackupInstanceProtection
         [System.String[]]
         ${ResourceGuardOperationRequest},
 
-        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant.')]
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch secure authorization token for different tenant and then convert to string using ConvertFrom-SecureString cmdlet.')]
         [System.String]        
         ${Token},
 
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch authorization token for different tenant.')]
+        [System.Security.SecureString]
+        ${SecureToken},
+
         [Parameter()]
         [Alias('AzureRMContext', 'AzureCredential')]
         [ValidateNotNull()]
@@ -104,10 +108,21 @@ function Stop-AzDataProtectionBackupInstanceProtection
             $null = $PSBoundParameters.Add("Parameter", $Parameter)
         }
 
-        if($PSBoundParameters.ContainsKey("Token"))
-        {            
-            $null = $PSBoundParameters.Remove("Token")
-            $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+        $hasToken = $PSBoundParameters.Remove("Token")
+        $hasSecureToken = $PSBoundParameters.Remove("SecureToken")
+        if($hasToken -or $hasSecureToken)
+        {   
+            if($hasSecureToken -and $hasToken){
+                throw "Both Token and SecureToken parameters cannot be provided together"
+            }
+            elseif($hasToken){
+                Write-Warning -Message 'The Token parameter is deprecated and will be removed in future versions. Please use SecureToken instead.'
+                $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+            }
+            else{
+                $plainToken = UnprotectSecureString -SecureString $SecureToken
+                $null = $PSBoundParameters.Add("Token", "Bearer $plainToken")
+            }
         }
 
         Az.DataProtection.Internal\Stop-AzDataProtectionBackupInstanceProtection @PSBoundParameters

diff --git a/...t/custom/Cmdlets/Platform/BackupInstance/Suspend-AzDataProtectionBackupInstanceBackup.ps1 b/...t/custom/Cmdlets/Platform/BackupInstance/Suspend-AzDataProtectionBackupInstanceBackup.ps1
@@ -31,10 +31,14 @@ function Suspend-AzDataProtectionBackupInstanceBackup
         [System.String[]]
         ${ResourceGuardOperationRequest},
 
-        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx").Token to fetch authorization token for different tenant.')]
-        [System.String]        
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch secure authorization token for different tenant and then convert to string using ConvertFrom-SecureString cmdlet.')]
+        [System.String]
         ${Token},
 
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch authorization token for different tenant.')]
+        [System.Security.SecureString]
+        ${SecureToken},
+
         [Parameter()]
         [Alias('AzureRMContext', 'AzureCredential')]
         [ValidateNotNull()]
@@ -104,11 +108,22 @@ function Suspend-AzDataProtectionBackupInstanceBackup
             $null = $PSBoundParameters.Add("Parameter", $Parameter)
         }
 
-        if($PSBoundParameters.ContainsKey("Token"))
-        {            
-            $null = $PSBoundParameters.Remove("Token")
-            $null = $PSBoundParameters.Add("Token", "Bearer $Token")
-        }                
+        $hasToken = $PSBoundParameters.Remove("Token")
+        $hasSecureToken = $PSBoundParameters.Remove("SecureToken")
+        if($hasToken -or $hasSecureToken)
+        {   
+            if($hasSecureToken -and $hasToken){
+                throw "Both Token and SecureToken parameters cannot be provided together"
+            }
+            elseif($hasToken){
+                Write-Warning -Message 'The Token parameter is deprecated and will be removed in future versions. Please use SecureToken instead.'
+                $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+            }
+            else{
+                $plainToken = UnprotectSecureString -SecureString $SecureToken
+                $null = $PSBoundParameters.Add("Token", "Bearer $plainToken")
+            }
+        }               
 
         Az.DataProtection.Internal\Suspend-AzDataProtectionBackupInstanceBackup @PSBoundParameters
     }

diff --git a/...Autorest/custom/Cmdlets/Platform/BackupInstance/Update-AzDataProtectionBackupInstance.ps1 b/...Autorest/custom/Cmdlets/Platform/BackupInstance/Update-AzDataProtectionBackupInstance.ps1
@@ -29,7 +29,19 @@ function Update-AzDataProtectionBackupInstance
 
         [Parameter(Mandatory=$false, HelpMessage='List of containers to be backed up inside the VaultStore. Use this parameter for DatasourceType AzureBlob.')]
         [System.String[]]
-        ${VaultedBackupContainer},        
+        ${VaultedBackupContainer},
+
+        [Parameter(Mandatory=$false, HelpMessage='Resource guard operation request in the format similar to <ResourceGuard-ARMID>/dppModifyPolicy/default. Use this parameter when the operation is MUA protected.')]
+        [System.String[]]
+        ${ResourceGuardOperationRequest},
+
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch secure authorization token for different tenant and then convert to string using ConvertFrom-SecureString cmdlet.')]
+        [System.String]
+        ${Token},
+
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch authorization token for different tenant.')]
+        [System.Security.SecureString]
+        ${SecureToken},
 
         [Parameter()]
         [Alias('AzureRMContext', 'AzureCredential')]
@@ -91,7 +103,7 @@ function Update-AzDataProtectionBackupInstance
 
         if($hasPolicyId){
             $instance.Property.PolicyInfo.PolicyId = $PolicyId
-        }        
+        }
 
         $DatasourceType =  GetClientDatasourceType -ServiceDatasourceType $instance.Property.DataSourceInfo.Type 
         # $manifest = LoadManifest -DatasourceType $DatasourceType.ToString()
@@ -131,6 +143,33 @@ function Update-AzDataProtectionBackupInstance
         # deep validate for update-BI
         $instance.Property.ValidationType = "DeepValidation"
 
+        $hasResourceGuardOperationRequest = $PSBoundParameters.Remove("ResourceGuardOperationRequest")
+        if($hasResourceGuardOperationRequest){
+            $instance.Property.ResourceGuardOperationRequest = $ResourceGuardOperationRequest
+        }
+
+        $hasToken = $PSBoundParameters.Remove("Token")
+        $hasSecureToken = $PSBoundParameters.Remove("SecureToken")
+        if($hasToken -or $hasSecureToken)
+        {   
+            if($hasSecureToken -and $hasToken){
+                throw "Both Token and SecureToken parameters cannot be provided together"
+            }
+            elseif($hasToken){
+                Write-Warning -Message 'The Token parameter is deprecated and will be removed in future versions. Please use SecureToken instead.'
+                $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+            }
+            else{
+                $plainToken = UnprotectSecureString -SecureString $SecureToken
+                $null = $PSBoundParameters.Add("Token", "Bearer $plainToken")
+            }
+        }
+
+        # Explicitly setting the whole DSSetInfo object as null when ResourceID is null
+        if($instance.Property.DataSourceSetInfo.ResourceId -eq $null){
+            $instance.Property.DataSourceSetInfo =$null      
+        }
+
         $null = $PSBoundParameters.Remove("BackupInstanceName")
         $null = $PSBoundParameters.Add("Name", $instance.Name)
         $null = $PSBoundParameters.Add("Parameter", $instance)

diff --git a/...Cmdlets/Platform/BackupInstance/Update-AzDataProtectionBackupInstanceAssociatedPolicy.ps1 b/...Cmdlets/Platform/BackupInstance/Update-AzDataProtectionBackupInstanceAssociatedPolicy.ps1
@@ -26,6 +26,18 @@ function Update-AzDataProtectionBackupInstanceAssociatedPolicy
         [Parameter(Mandatory, HelpMessage='Id of the Policy to be associated with the backup instance')]
         [System.String]
         ${PolicyId},
+
+        [Parameter(Mandatory=$false, HelpMessage='Resource guard operation request in the format similar to <ResourceGuard-ARMID>/dppModifyPolicy/default. Use this parameter when the operation is MUA protected.')]
+        [System.String[]]
+        ${ResourceGuardOperationRequest},
+
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch secure authorization token for different tenant and then convert to string using ConvertFrom-SecureString cmdlet.')]
+        [System.String]
+        ${Token},
+
+        [Parameter(Mandatory=$false, HelpMessage='Parameter to authorize operations protected by cross tenant resource guard. Use command (Get-AzAccessToken -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -AsSecureString").Token to fetch authorization token for different tenant.')]
+        [System.Security.SecureString]
+        ${SecureToken},
 
         [Parameter()]
         [Alias('AzureRMContext', 'AzureCredential')]
@@ -84,8 +96,36 @@ function Update-AzDataProtectionBackupInstanceAssociatedPolicy
         $instance = Az.DataProtection\Get-AzDataProtectionBackupInstance @PSBoundParameters
         $instance.Property.PolicyInfo.PolicyId = $PolicyId
         $null = $PSBoundParameters.Remove("BackupInstanceName")
+
+        $hasResourceGuardOperationRequest = $PSBoundParameters.Remove("ResourceGuardOperationRequest")
+        if($hasResourceGuardOperationRequest){
+            $instance.Property.ResourceGuardOperationRequest = $ResourceGuardOperationRequest
+        }
+
+        # Explicitly setting the whole DSSetInfo object as null when ResourceID is null
+        if($instance.Property.DataSourceSetInfo.ResourceId -eq $null){
+            $instance.Property.DataSourceSetInfo =$null      
+        }
+
         $null = $PSBoundParameters.Add("Parameter", $instance)
-        $null = $PSBoundParameters.Add("Name", $instance.Name)
+        $null = $PSBoundParameters.Add("Name", $instance.Name)        
+
+        $hasToken = $PSBoundParameters.Remove("Token")
+        $hasSecureToken = $PSBoundParameters.Remove("SecureToken")
+        if($hasToken -or $hasSecureToken)
+        {   
+            if($hasSecureToken -and $hasToken){
+                throw "Both Token and SecureToken parameters cannot be provided together"
+            }
+            elseif($hasToken){
+                Write-Warning -Message 'The Token parameter is deprecated and will be removed in future versions. Please use SecureToken instead.'
+                $null = $PSBoundParameters.Add("Token", "Bearer $Token")
+            }
+            else{
+                $plainToken = UnprotectSecureString -SecureString $SecureToken
+                $null = $PSBoundParameters.Add("Token", "Bearer $plainToken")
+            }
+        }
 
         Az.DataProtection.Internal\New-AzDataProtectionBackupInstance  @PSBoundParameters
     }

diff --git a/...on.Autorest/custom/Cmdlets/Platform/Restore/Initialize-AzDataProtectionRestoreRequest.ps1 b/...on.Autorest/custom/Cmdlets/Platform/Restore/Initialize-AzDataProtectionRestoreRequest.ps1
@@ -121,7 +121,7 @@
         [Parameter(ParameterSetName="AlternateLocationILR", Mandatory=$false, HelpMessage='Restore configuration for restore. Use this parameter to restore with AzureKubernetesService.')]
         [Parameter(ParameterSetName="OriginalLocationFullRecovery", Mandatory=$false, HelpMessage='Restore configuration for restore. Use this parameter to restore with AzureKubernetesService.')]
         [Parameter(ParameterSetName="AlternateLocationFullRecovery", Mandatory=$false, HelpMessage='Restore configuration for restore. Use this parameter to restore with AzureKubernetesService.')]
-        [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20240401.KubernetesClusterRestoreCriteria]
+        [PSObject]
         ${RestoreConfiguration},
 
         [Parameter(ParameterSetName="OriginalLocationFullRecovery", Mandatory=$false, HelpMessage='Secret uri for secret store authentication of data source. This parameter is only supported for AzureDatabaseForPostgreSQL currently.')]
@@ -327,7 +327,7 @@
                 else{
                     $errormsg = "Please input parameter RestoreConfiguration for AKS cluster restore. Use command New-AzDataProtectionRestoreConfigurationClientObject for creating the RestoreConfiguration"
     		        throw $errormsg
-                }                
+                }
 
                 $restoreCriteriaList += ($restoreCriteria)
             }