Add credential field to the BackupStorageLocation (BSL)

Signed-off-by: Carlisia <carlisia@vmware.com>
pull/3190/head
Carlisia 2020-12-15 12:10:47 -08:00
parent 2a234a75bb
commit 9dbb8b6906
6 changed files with 75 additions and 13 deletions


@ -87,6 +87,24 @@ spec:
type: string
description: Config is for provider-specific configuration fields.
type: object
credential:
description: Credential contain the credential information intended
to be used with this location
properties:
key:
description: The key of the secret to select from. Must be a valid
secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
default:
description: Default indicates this location is the default backup storage
location.



@ -17,6 +17,7 @@ limitations under the License.
package v1
import (
corev1api "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
@ -30,6 +31,10 @@ type BackupStorageLocationSpec struct {
// +optional
Config map[string]string `json:"config,omitempty"`
// Credential contain the credential information intended to be used with this location
// +optional
Credential *corev1api.SecretKeySelector `json:"credential"`
StorageType `json:",inline"`
// Default indicates this location is the default backup storage location.
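Review bot: The new `Credential` field is marked `+optional` but its tag is `json:"credential"` without `omitempty`, so a nil pointer serializes as `credential: null` and every existing BSL that round-trips through the client will carry that key; the tag should be `json:"credential,omitempty"` to match `Config` on the line above. The doc comment is also misleading from a security standpoint: the field holds a reference to a key in a Secret in Velero's namespace, not the credential value, and the comment should say so to discourage anyone from putting secret material in the spec — something like `// Credential references the key of a Secret, in Velero's namespace, whose value holds the credential this location should use.` Note that exposing `corev1api.SecretKeySelector` also surfaces its `Optional` field in the CRD schema (visible in the generated YAML hunk), and nothing in this commit appears to honor it; either document that it is ignored or handle it where the selector is resolved. The `BackupStorageLocationSpec` struct continues outside this hunk.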


@ -381,6 +381,11 @@ func (in *BackupStorageLocationSpec) DeepCopyInto(out *BackupStorageLocationSpec
(*out)[key] = val
}
}
if in.Credential != nil {
in, out := &in.Credential, &out.Credential
*out = new(corev1.SecretKeySelector)
(*in).DeepCopyInto(*out)
}
in.StorageType.DeepCopyInto(&out.StorageType)
if in.BackupSyncPeriod != nil {
in, out := &in.BackupSyncPeriod, &out.BackupSyncPeriod


@ -27,6 +27,7 @@ import (
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
corev1api "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kbclient "sigs.k8s.io/controller-runtime/pkg/client"
@ -63,6 +64,7 @@ type CreateOptions struct {
Name string
Provider string
Bucket string
Credential flag.Map
DefaultBackupStorageLocation bool
Prefix string
BackupSyncPeriod, ValidationFrequency time.Duration
@ -74,7 +76,8 @@ type CreateOptions struct {
func NewCreateOptions() *CreateOptions {
return &CreateOptions{
Config: flag.NewMap(),
Credential: flag.NewMap(),
Config: flag.NewMap(),
AccessMode: flag.NewEnum(
string(velerov1api.BackupStorageLocationAccessModeReadWrite),
string(velerov1api.BackupStorageLocationAccessModeReadWrite),
@ -86,6 +89,7 @@ func NewCreateOptions() *CreateOptions {
func (o *CreateOptions) BindFlags(flags *pflag.FlagSet) {
flags.StringVar(&o.Provider, "provider", o.Provider, "Name of the backup storage provider (e.g. aws, azure, gcp).")
flags.StringVar(&o.Bucket, "bucket", o.Bucket, "Name of the object storage bucket where backups should be stored.")
flags.Var(&o.Credential, "credential", "The one credential to be used by this location in key-value pair, where key is the secret name, and value is the secret key name. Optional.")
flags.BoolVar(&o.DefaultBackupStorageLocation, "default", o.DefaultBackupStorageLocation, "Sets this new location to be the new default backup storage location. Optional.")
flags.StringVar(&o.Prefix, "prefix", o.Prefix, "Prefix under which all Velero data should be stored within the bucket. Optional.")
flags.DurationVar(&o.BackupSyncPeriod, "backup-sync-period", o.BackupSyncPeriod, "How often to ensure all Velero backups in object storage exist as Backup API objects in the cluster. Optional. Set this to `0s` to disable sync. Default: 1 minute.")
@ -148,6 +152,13 @@ func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
validationFrequency = &metav1.Duration{Duration: o.ValidationFrequency}
}
var secretName, secretKey string
for k, v := range o.Credential.Data() {
secretName = k
secretKey = v
break
}
backupStorageLocation := &velerov1api.BackupStorageLocation{
ObjectMeta: metav1.ObjectMeta{
Namespace: f.Namespace(),
@ -163,7 +174,13 @@ func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
CACert: caCertData,
},
},
Config: o.Config.Data(),
Config: o.Config.Data(),
Credential: &corev1api.SecretKeySelector{
LocalObjectReference: corev1api.LocalObjectReference{
Name: secretName,
},
Key: secretKey,
},
Default: o.DefaultBackupStorageLocation,
AccessMode: velerov1api.BackupStorageLocationAccessMode(o.AccessMode.String()),
BackupSyncPeriod: backupSyncPeriod,
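Review bot: The `Credential` selector is built unconditionally, so a `velero backup-location create` run without `--credential` stores a non-nil selector with an empty secret name and empty key, which any consumer that tests `Spec.Credential != nil` will then try to resolve against a Secret named `""`. The preceding loop also takes whichever map entry Go's randomized iteration yields first, so passing two pairs to `--credential` silently picks one at random rather than failing. Only set the field when a pair was supplied, and reject more than one pair explicitly; `errors` is already imported in this file. `Run` begins before this hunk and continues past it.
```go
var credential *corev1api.SecretKeySelector
if data := o.Credential.Data(); len(data) > 0 {
	if len(data) > 1 {
		return errors.New("--credential accepts exactly one secret-name=secret-key pair")
	}
	for name, key := range data {
		credential = &corev1api.SecretKeySelector{
			LocalObjectReference: corev1api.LocalObjectReference{Name: name},
			Key:                  key,
		}
	}
}
// … unchanged: BackupStorageLocation construction …
Config:     o.Config.Data(),
Credential: credential,
```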


@ -25,12 +25,14 @@ import (
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
corev1api "k8s.io/api/core/v1"
kbclient "sigs.k8s.io/controller-runtime/pkg/client"
velerov1api "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
"github.com/vmware-tanzu/velero/pkg/client"
"github.com/vmware-tanzu/velero/pkg/cmd"
"github.com/vmware-tanzu/velero/pkg/cmd/util/flag"
)
func NewSetCommand(f client.Factory, use string) *cobra.Command {
@ -54,15 +56,19 @@ func NewSetCommand(f client.Factory, use string) *cobra.Command {
type SetOptions struct {
Name string
CACertFile string
Credential flag.Map
DefaultBackupStorageLocation bool
}
func NewSetOptions() *SetOptions {
return &SetOptions{}
return &SetOptions{
Credential: flag.NewMap(),
}
}
func (o *SetOptions) BindFlags(flags *pflag.FlagSet) {
flags.StringVar(&o.CACertFile, "cacert", o.CACertFile, "File containing a certificate bundle to use when verifying TLS connections to the object store. Optional.")
flags.Var(&o.Credential, "credential", "Sets the one credential to be used by this location in key-value pair, where key is the secret name, and value is the secret key name. Optional.")
flags.BoolVar(&o.DefaultBackupStorageLocation, "default", o.DefaultBackupStorageLocation, "Sets this new location to be the new default backup storage location. Optional.")
}
@ -77,15 +83,6 @@ func (o *SetOptions) Run(c *cobra.Command, f client.Factory) error {
return err
}
location := &velerov1api.BackupStorageLocation{}
err = kbClient.Get(context.Background(), kbclient.ObjectKey{
Namespace: f.Namespace(),
Name: o.Name,
}, location)
if err != nil {
return errors.WithStack(err)
}
var caCertData []byte
if o.CACertFile != "" {
realPath, err := filepath.Abs(o.CACertFile)
@ -98,6 +95,15 @@ func (o *SetOptions) Run(c *cobra.Command, f client.Factory) error {
}
}
location := &velerov1api.BackupStorageLocation{}
err = kbClient.Get(context.Background(), kbclient.ObjectKey{
Namespace: f.Namespace(),
Name: o.Name,
}, location)
if err != nil {
return errors.WithStack(err)
}
if o.DefaultBackupStorageLocation {
// There is one and only one default backup storage location.
// Disable the origin default backup storage location.
@ -123,6 +129,17 @@ func (o *SetOptions) Run(c *cobra.Command, f client.Factory) error {
location.Spec.Default = o.DefaultBackupStorageLocation
location.Spec.StorageType.ObjectStorage.CACert = caCertData
for k, v := range o.Credential.Data() {
location.Spec.Credential = &corev1api.SecretKeySelector{
LocalObjectReference: corev1api.LocalObjectReference{
Name: k,
},
Key: v,
}
break
}
if err := kbClient.Update(context.Background(), location, &kbclient.UpdateOptions{}); err != nil {
return errors.WithStack(err)
}
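Review bot: The `for k, v := range o.Credential.Data()` loop with a `break` assigns whichever pair Go's randomized map iteration returns first, so `velero backup-location set --credential a=b --credential c=d` non-deterministically points the location at one of two Secrets with no error; add a guard before the loop such as `if len(o.Credential.Data()) > 1 { return errors.New("--credential accepts exactly one secret-name=secret-key pair") }` (`errors` is imported on this page). There is also no way to clear a previously set credential with this command, since an absent flag leaves `location.Spec.Credential` untouched; if that is intended, the flag help text should say so. Because this flag re-points the location at an arbitrary Secret in Velero's namespace, it may be worth a fail-fast `Get` of the referenced Secret here so a typo or a reference to a Secret the operator cannot read surfaces at set time rather than at the next backup — assuming the CLI's RBAC permits reading Secrets, which this page does not show. `Run` begins before this hunk and continues past it.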