2018-02-28 01:35:35 +00:00
|
|
|
/*
|
2021-02-18 18:30:52 +00:00
|
|
|
Copyright the Velero contributors.
|
2018-02-28 01:35:35 +00:00
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package restic
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2018-09-25 21:46:29 +00:00
|
|
|
"os"
|
2022-08-08 11:46:30 +00:00
|
|
|
"strconv"
|
2023-08-03 07:58:05 +00:00
|
|
|
"strings"
|
2018-06-06 21:32:28 +00:00
|
|
|
"time"
|
2018-02-28 01:35:35 +00:00
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
2022-08-08 11:46:30 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2018-02-28 01:35:35 +00:00
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
"github.com/vmware-tanzu/velero/internal/credentials"
|
2019-09-30 21:26:56 +00:00
|
|
|
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
|
2022-07-29 08:06:18 +00:00
|
|
|
repoconfig "github.com/vmware-tanzu/velero/pkg/repository/config"
|
2019-09-30 21:26:56 +00:00
|
|
|
"github.com/vmware-tanzu/velero/pkg/util/filesystem"
|
2018-02-28 01:35:35 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2019-08-06 20:40:35 +00:00
|
|
|
|
|
|
|
|
// DefaultMaintenanceFrequency is the default time interval
|
2019-09-10 18:58:42 +00:00
|
|
|
// at which restic prune is run.
|
|
|
|
|
DefaultMaintenanceFrequency = 7 * 24 * time.Hour
|
2018-02-28 01:35:35 +00:00
|
|
|
|
2022-08-08 11:46:30 +00:00
|
|
|
// insecureSkipTLSVerifyKey is the flag in BackupStorageLocation's config
|
|
|
|
|
// to indicate whether to skip TLS verify to setup insecure HTTPS connection.
|
|
|
|
|
insecureSkipTLSVerifyKey = "insecureSkipTLSVerify"
|
|
|
|
|
|
|
|
|
|
// resticInsecureTLSFlag is the flag for Restic command line to indicate
|
|
|
|
|
// skip TLS verify on https connection.
|
|
|
|
|
resticInsecureTLSFlag = "--insecure-tls"
|
2018-02-28 01:35:35 +00:00
|
|
|
)
|
|
|
|
|
|
2020-03-24 21:50:48 +00:00
|
|
|
// TempCACertFile creates a temp file containing a CA bundle
|
|
|
|
|
// and returns its path. The caller should generally call os.Remove()
|
|
|
|
|
// to remove the file when done with it.
|
|
|
|
|
func TempCACertFile(caCert []byte, bsl string, fs filesystem.Interface) (string, error) {
|
|
|
|
|
file, err := fs.TempFile("", fmt.Sprintf("cacert-%s", bsl))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", errors.WithStack(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, err := file.Write(caCert); err != nil {
|
|
|
|
|
// nothing we can do about an error closing the file here, and we're
|
|
|
|
|
// already returning an error about the write failing.
|
|
|
|
|
file.Close()
|
|
|
|
|
return "", errors.WithStack(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
name := file.Name()
|
|
|
|
|
|
|
|
|
|
if err := file.Close(); err != nil {
|
|
|
|
|
return "", errors.WithStack(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return name, nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-03 07:58:05 +00:00
|
|
|
// environ is a slice of strings representing the environment, in the form "key=value".
|
|
|
|
|
type environ []string
|
|
|
|
|
|
|
|
|
|
// Unset a single environment variable.
|
|
|
|
|
func (e *environ) Unset(key string) {
|
|
|
|
|
for i := range *e {
|
|
|
|
|
if strings.HasPrefix((*e)[i], key+"=") {
|
|
|
|
|
(*e)[i] = (*e)[len(*e)-1]
|
|
|
|
|
*e = (*e)[:len(*e)-1]
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
// CmdEnv returns a list of environment variables (in the format var=val) that
|
|
|
|
|
// should be used when running a restic command for a particular backend provider.
|
|
|
|
|
// This list is the current environment, plus any provider-specific variables restic needs.
|
|
|
|
|
func CmdEnv(backupLocation *velerov1api.BackupStorageLocation, credentialFileStore credentials.FileStore) ([]string, error) {
|
2023-08-03 07:58:05 +00:00
|
|
|
var env environ
|
|
|
|
|
env = os.Environ()
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
customEnv := map[string]string{}
|
|
|
|
|
var err error
|
2018-09-25 21:46:29 +00:00
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
config := backupLocation.Spec.Config
|
|
|
|
|
if config == nil {
|
|
|
|
|
config = map[string]string{}
|
2018-09-25 21:46:29 +00:00
|
|
|
}
|
|
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
if backupLocation.Spec.Credential != nil {
|
|
|
|
|
credsFile, err := credentialFileStore.Path(backupLocation.Spec.Credential)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return []string{}, errors.WithStack(err)
|
|
|
|
|
}
|
2022-07-29 08:06:18 +00:00
|
|
|
config[repoconfig.CredentialsFileKey] = credsFile
|
2018-09-25 21:46:29 +00:00
|
|
|
}
|
|
|
|
|
|
2022-10-21 06:11:09 +00:00
|
|
|
backendType := repoconfig.GetBackendType(backupLocation.Spec.Provider, backupLocation.Spec.Config)
|
2019-12-09 14:46:02 +00:00
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
switch backendType {
|
2022-07-29 08:06:18 +00:00
|
|
|
case repoconfig.AWSBackend:
|
|
|
|
|
customEnv, err = repoconfig.GetS3ResticEnvVars(config)
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return []string{}, err
|
|
|
|
|
}
|
2022-07-29 08:06:18 +00:00
|
|
|
case repoconfig.AzureBackend:
|
|
|
|
|
customEnv, err = repoconfig.GetAzureResticEnvVars(config)
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return []string{}, err
|
|
|
|
|
}
|
2022-07-29 08:06:18 +00:00
|
|
|
case repoconfig.GCPBackend:
|
|
|
|
|
customEnv, err = repoconfig.GetGCPResticEnvVars(config)
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return []string{}, err
|
|
|
|
|
}
|
2019-12-09 14:46:02 +00:00
|
|
|
}
|
|
|
|
|
|
Use Credential from BSL for restic commands (#3489)
* Use Credential from BSL for restic commands
This change introduces support for restic to make use of per-BSL
credentials. It makes use of the `credentials.FileStore` introduced in
PR #3442 to write the BSL credentials to disk. To support per-BSL
credentials for restic, the environment for the restic commands needs to
be modified for each provider to ensure that the credentials are
provided via the correct provider specific environment variables.
This change introduces a new function `restic.CmdEnv` to check the BSL
provider and create the correct mapping of environment variables for
each provider.
Previously, AWS and GCP could rely on the environment variables in the
Velero deployments to obtain the credentials file, but now these
environment variables need to be set with the path to the serialized
credentials file if a credential is set on the BSL.
For Azure, the credentials file in the environment was loaded and parsed
to set the environment variables for restic. Now, we check if the BSL
has a credential, and if it does, load and parse that file instead.
This change also introduces a few other small improvements. Now that we
are fetching the BSL to check for the `Credential` field, we can use the
BSL directly to get the `CACert` which means that we can remove the
`GetCACert` function. Also, now that we have a way to serialize secrets
to disk, we can use the `credentials.FileStore` to get a temp file for
the restic repo password and remove the `restic.TempCredentialsFile`
function.
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Add documentation for per-BSL credentials
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review feedback
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
* Address review comments
Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>
2021-03-11 18:10:51 +00:00
|
|
|
for k, v := range customEnv {
|
2023-08-03 07:58:05 +00:00
|
|
|
env.Unset(k)
|
|
|
|
|
if v == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2019-12-09 14:46:02 +00:00
|
|
|
env = append(env, fmt.Sprintf("%s=%s", k, v))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return env, nil
|
|
|
|
|
}
|
2022-08-08 11:46:30 +00:00
|
|
|
|
|
|
|
|
// GetInsecureSkipTLSVerifyFromBSL get insecureSkipTLSVerify flag from BSL configuration,
|
|
|
|
|
// Then return --insecure-tls flag with boolean value as result.
|
|
|
|
|
func GetInsecureSkipTLSVerifyFromBSL(backupLocation *velerov1api.BackupStorageLocation, logger logrus.FieldLogger) string {
|
|
|
|
|
result := ""
|
|
|
|
|
|
|
|
|
|
if backupLocation == nil {
|
|
|
|
|
logger.Info("bsl is nil. return empty.")
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if insecure, _ := strconv.ParseBool(backupLocation.Spec.Config[insecureSkipTLSVerifyKey]); insecure {
|
|
|
|
|
logger.Debugf("set --insecure-tls=true for Restic command according to BSL %s config", backupLocation.Name)
|
|
|
|
|
result = resticInsecureTLSFlag + "=true"
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
}
|
