Partially revert adding credentials to VSL (#3561)

We are no longer adding the Credentials field to the VSL so this reverts
part the change that added it (#3409).

The original PR also added the `snapshot-location set` command. This
command only included options for setting the credential but is part of
the work for #2426. Due to this, the command has been left in place
(with the credentials option removed) but has been hidden.

Signed-off-by: Bridget McErlean <bmcerlean@vmware.com>

changelogs/3409-nrb

@@ -1,2 +0,0 @@
-Add Credential field to Volume Snapshot Locations for multiple credential support.
-Add `velero snapshot-location set` command to edit credentials on a Volume Snapshot Location.

config/crd/bases/velero.io_volumesnapshotlocations.yaml

@@ -50,24 +50,6 @@ spec:
                 type: string
               description: Config is for provider-specific configuration fields.
               type: object
-            credential:
-              description: Credential contains the credential information intended
-                to be used with this location
-              properties:
-                key:
-                  description: The key of the secret to select from.  Must be a valid
-                    secret key.
-                  type: string
-                name:
-                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    TODO: Add other useful fields. apiVersion, kind, uid?'
-                  type: string
-                optional:
-                  description: Specify whether the Secret or its key must be defined
-                  type: boolean
-              required:
-              - key
-              type: object
             provider:
               description: Provider is the provider of the volume storage.
               type: string

pkg/apis/velero/v1/volume_snapshot_location.go

@@ -16,10 +16,7 @@ limitations under the License.
 
 package v1
 
-import (
-	corev1api "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -60,10 +57,6 @@ type VolumeSnapshotLocationSpec struct {
 	// Config is for provider-specific configuration fields.
 	// +optional
 	Config map[string]string `json:"config,omitempty"`
-
-	// Credential contains the credential information intended to be used with this location
-	// +optional
-	Credential *corev1api.SecretKeySelector `json:"credential,omitempty"`
 }
 
 // VolumeSnapshotLocationPhase is the lifecycle phase of a Velero VolumeSnapshotLocation.

pkg/apis/velero/v1/zz_generated.deepcopy.go

@@ -1653,11 +1653,6 @@ func (in *VolumeSnapshotLocationSpec) DeepCopyInto(out *VolumeSnapshotLocationSp
 			(*out)[key] = val
 		}
 	}
-	if in.Credential != nil {
-		in, out := &in.Credential, &out.Credential
-		*out = new(corev1.SecretKeySelector)
-		(*in).DeepCopyInto(*out)
-	}
 	return
 }
 

pkg/cmd/cli/snapshotlocation/create.go

@@ -23,11 +23,9 @@ import (
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
-	"github.com/vmware-tanzu/velero/pkg/builder"
 	"github.com/vmware-tanzu/velero/pkg/client"
 	"github.com/vmware-tanzu/velero/pkg/cmd"
 	"github.com/vmware-tanzu/velero/pkg/cmd/util/flag"
@@ -56,19 +54,15 @@ func NewCreateCommand(f client.Factory, use string) *cobra.Command {
 }
 
 type CreateOptions struct {
-	Name       string
-	Provider   string
-	Config     flag.Map
-	Labels     flag.Map
-	Credential flag.Map
-	secretName string
-	secretKey  string
+	Name     string
+	Provider string
+	Config   flag.Map
+	Labels   flag.Map
 }
 
 func NewCreateOptions() *CreateOptions {
 	return &CreateOptions{
-		Config:     flag.NewMap(),
-		Credential: flag.NewMap(),
+		Config: flag.NewMap(),
 	}
 }
 
@@ -76,7 +70,6 @@ func (o *CreateOptions) BindFlags(flags *pflag.FlagSet) {
 	flags.StringVar(&o.Provider, "provider", o.Provider, "Name of the volume snapshot provider (e.g. aws, azure, gcp).")
 	flags.Var(&o.Config, "config", "Configuration key-value pairs.")
 	flags.Var(&o.Labels, "labels", "Labels to apply to the volume snapshot location.")
-	flags.Var(&o.Credential, "credential", "The credential to be used by this location as a key-value pair, where the key is the Kubernetes Secret name, and the value is the data key name within the Secret. Optional, one value only.")
 }
 
 func (o *CreateOptions) Validate(c *cobra.Command, args []string, f client.Factory) error {
@@ -88,15 +81,6 @@ func (o *CreateOptions) Validate(c *cobra.Command, args []string, f client.Facto
 		return errors.New("--provider is required")
 	}
 
-	if len(o.Credential.Data()) > 1 {
-		return errors.New("--credential can only contain 1 key/value pair")
-	}
-
-	for k, v := range o.Credential.Data() {
-		o.secretName = k
-		o.secretKey = v
-		break
-	}
 	return nil
 }
 
@@ -113,9 +97,8 @@ func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
 			Labels:    o.Labels.Data(),
 		},
 		Spec: api.VolumeSnapshotLocationSpec{
-			Provider:   o.Provider,
-			Config:     o.Config.Data(),
-			Credential: builder.ForSecretKeySelector(o.secretName, o.secretKey).Result(),
+			Provider: o.Provider,
+			Config:   o.Config.Data(),
 		},
 	}
 

pkg/cmd/cli/snapshotlocation/set.go

@@ -27,10 +27,8 @@ import (
 	kbclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
-	"github.com/vmware-tanzu/velero/pkg/builder"
 	"github.com/vmware-tanzu/velero/pkg/client"
 	"github.com/vmware-tanzu/velero/pkg/cmd"
-	"github.com/vmware-tanzu/velero/pkg/cmd/util/flag"
 	"github.com/vmware-tanzu/velero/pkg/cmd/util/output"
 )
 
@@ -41,6 +39,9 @@ func NewSetCommand(f client.Factory, use string) *cobra.Command {
 		Use:   use + " NAME",
 		Short: "Set specific features for a snapshot location",
 		Args:  cobra.ExactArgs(1),
+		// Mark this command as hidden until more functionality is added
+		// as part of https://github.com/vmware-tanzu/velero/issues/2426
+		Hidden: true,
 		Run: func(c *cobra.Command, args []string) {
 			cmd.CheckError(o.Complete(args, f))
 			cmd.CheckError(o.Validate(c, args, f))
@@ -53,18 +54,14 @@ func NewSetCommand(f client.Factory, use string) *cobra.Command {
 }
 
 type SetOptions struct {
-	Name       string
-	Credential flag.Map
+	Name string
 }
 
 func NewSetOptions() *SetOptions {
-	return &SetOptions{
-		Credential: flag.NewMap(),
-	}
+	return &SetOptions{}
 }
 
-func (o *SetOptions) BindFlags(flags *pflag.FlagSet) {
-	flags.Var(&o.Credential, "credential", "Sets the credential to be used by this location as a key-value pair, where the key is the Kubernetes Secret name, and the value is the data key name within the Secret. Optional, one value only.")
+func (o *SetOptions) BindFlags(*pflag.FlagSet) {
 }
 
 func (o *SetOptions) Validate(c *cobra.Command, args []string, f client.Factory) error {
@@ -72,10 +69,6 @@ func (o *SetOptions) Validate(c *cobra.Command, args []string, f client.Factory)
 		return err
 	}
 
-	if len(o.Credential.Data()) > 1 {
-		return errors.New("--credential can only contain 1 key/value pair")
-	}
-
 	return nil
 }
 
@@ -99,11 +92,6 @@ func (o *SetOptions) Run(c *cobra.Command, f client.Factory) error {
 		return errors.WithStack(err)
 	}
 
-	for name, key := range o.Credential.Data() {
-		location.Spec.Credential = builder.ForSecretKeySelector(name, key).Result()
-		break
-	}
-
 	if err := kbClient.Update(context.Background(), location, &kbclient.UpdateOptions{}); err != nil {
 		return errors.WithStack(err)
 	}