Address https://github.com/vmware-tanzu/velero/pull/8581#pullrequestreview-2622443771

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>

pkg/repository/provider/unified_repo.go

@@ -506,6 +506,10 @@ func getStorageCredentials(backupLocation *velerov1api.BackupStorageLocation, cr
 	return result, nil
 }
 
+// Translates user specified options (backupRepoConfig) to internal parameters
+// so we would accept only the options that are well defined in the internal system.
+// Users' inputs should not be treated as safe any time.
+// We remove the unnecessary parameters and keep the modules/logics below safe
 func getStorageVariables(backupLocation *velerov1api.BackupStorageLocation, repoBackend string, repoName string, backupRepoConfig map[string]string) (map[string]string, error) {
 	result := make(map[string]string)
 
@@ -576,14 +580,19 @@ func getStorageVariables(backupLocation *velerov1api.BackupStorageLocation, repo
 	result[udmrepo.StoreOptionOssRegion] = strings.Trim(region, "/")
 	result[udmrepo.StoreOptionFsPath] = config["fspath"]
 
-	// Write all backupRepoConfig to results if not exists, otherwise error on conflict
-	for k, v := range backupRepoConfig { // if nil, this would be skipped
-		if _, ok := result[k]; !ok {
-			// TODO: validation of allowed values for each key?
-			result[k] = v
-		} else {
-			return result, errors.Errorf("backupRepoConfig contains key %s that would override storage variables", k)
+	// We remove the unnecessary parameters and keep the modules/logics below safe
+	if backupRepoConfig != nil {
+		// range of valid params to keep, everything else will be discarded.
+		validParams := []string{
+			udmrepo.StoreOptionCacheLimit,
+			udmrepo.StoreOptionKeyFullMaintenanceInterval,
 		}
+		for _, param := range validParams {
+			if v, found := backupRepoConfig[param]; found {
+				result[param] = v
+			}
+		}
+
 	}
 
 	return result, nil