Revert "allow self signed certs with insecureSkipVerify (#1769)"
This reverts commit 8e35ce0bde
.
Signed-off-by: Carlisia <carlisiac@vmware.com>
pull/1776/head
parent
8e35ce0bde
commit
b25865f5bb
|
@ -1 +0,0 @@
|
||||||
adds `insecureSkipTLSVerify` server config for AWS storage and `--insecure-skip-tls-verify` flag on client for self-signed certs
|
|
|
@ -17,9 +17,7 @@ limitations under the License.
|
||||||
package aws
|
package aws
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
|
||||||
"sort"
|
"sort"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
@ -45,7 +43,6 @@ const (
|
||||||
bucketKey = "bucket"
|
bucketKey = "bucket"
|
||||||
signatureVersionKey = "signatureVersion"
|
signatureVersionKey = "signatureVersion"
|
||||||
credentialProfileKey = "profile"
|
credentialProfileKey = "profile"
|
||||||
insecureSkipTLSVerifyKey = "insecureSkipTLSVerify"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type s3Interface interface {
|
type s3Interface interface {
|
||||||
|
@ -86,7 +83,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
|
||||||
s3ForcePathStyleKey,
|
s3ForcePathStyleKey,
|
||||||
signatureVersionKey,
|
signatureVersionKey,
|
||||||
credentialProfileKey,
|
credentialProfileKey,
|
||||||
insecureSkipTLSVerifyKey,
|
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -99,7 +95,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
|
||||||
s3ForcePathStyleVal = config[s3ForcePathStyleKey]
|
s3ForcePathStyleVal = config[s3ForcePathStyleKey]
|
||||||
signatureVersion = config[signatureVersionKey]
|
signatureVersion = config[signatureVersionKey]
|
||||||
credentialProfile = config[credentialProfileKey]
|
credentialProfile = config[credentialProfileKey]
|
||||||
insecureSkipTLSVerifyVal = config[insecureSkipTLSVerifyKey]
|
|
||||||
|
|
||||||
// note that bucket is automatically added to the config map
|
// note that bucket is automatically added to the config map
|
||||||
// by the server from the ObjectStorageProviderConfig so
|
// by the server from the ObjectStorageProviderConfig so
|
||||||
|
@ -107,7 +102,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
|
||||||
// config.
|
// config.
|
||||||
bucket = config[bucketKey]
|
bucket = config[bucketKey]
|
||||||
s3ForcePathStyle bool
|
s3ForcePathStyle bool
|
||||||
insecureSkipTLSVerify bool
|
|
||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -133,20 +127,6 @@ func (o *ObjectStore) Init(config map[string]string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if insecureSkipTLSVerifyVal != "" {
|
|
||||||
if insecureSkipTLSVerify, err = strconv.ParseBool(insecureSkipTLSVerifyVal); err != nil {
|
|
||||||
return errors.Wrapf(err, "could not parse %s (expected bool)", insecureSkipTLSVerifyKey)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if insecureSkipTLSVerify {
|
|
||||||
serverConfig.HTTPClient = &http.Client{
|
|
||||||
Transport: &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
serverSession, err := getSession(serverConfig, credentialProfile)
|
serverSession, err := getSession(serverConfig, credentialProfile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -35,7 +35,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
|
||||||
var (
|
var (
|
||||||
listOptions metav1.ListOptions
|
listOptions metav1.ListOptions
|
||||||
details bool
|
details bool
|
||||||
insecureSkipTLSVerify bool
|
|
||||||
)
|
)
|
||||||
|
|
||||||
c := &cobra.Command{
|
c := &cobra.Command{
|
||||||
|
@ -72,7 +71,7 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
|
||||||
fmt.Fprintf(os.Stderr, "error getting PodVolumeBackups for backup %s: %v\n", backup.Name, err)
|
fmt.Fprintf(os.Stderr, "error getting PodVolumeBackups for backup %s: %v\n", backup.Name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
s := output.DescribeBackup(&backup, deleteRequestList.Items, podVolumeBackupList.Items, details, veleroClient, insecureSkipTLSVerify)
|
s := output.DescribeBackup(&backup, deleteRequestList.Items, podVolumeBackupList.Items, details, veleroClient)
|
||||||
if first {
|
if first {
|
||||||
first = false
|
first = false
|
||||||
fmt.Print(s)
|
fmt.Print(s)
|
||||||
|
@ -86,7 +85,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
|
||||||
|
|
||||||
c.Flags().StringVarP(&listOptions.LabelSelector, "selector", "l", listOptions.LabelSelector, "only show items matching this label selector")
|
c.Flags().StringVarP(&listOptions.LabelSelector, "selector", "l", listOptions.LabelSelector, "only show items matching this label selector")
|
||||||
c.Flags().BoolVar(&details, "details", details, "display additional detail in the command output")
|
c.Flags().BoolVar(&details, "details", details, "display additional detail in the command output")
|
||||||
c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")
|
|
||||||
|
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,7 +56,6 @@ type DownloadOptions struct {
|
||||||
Output string
|
Output string
|
||||||
Force bool
|
Force bool
|
||||||
Timeout time.Duration
|
Timeout time.Duration
|
||||||
InsecureSkipTLSVerify bool
|
|
||||||
writeOptions int
|
writeOptions int
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,7 +69,6 @@ func (o *DownloadOptions) BindFlags(flags *pflag.FlagSet) {
|
||||||
flags.StringVarP(&o.Output, "output", "o", o.Output, "path to output file. Defaults to <NAME>-data.tar.gz in the current directory")
|
flags.StringVarP(&o.Output, "output", "o", o.Output, "path to output file. Defaults to <NAME>-data.tar.gz in the current directory")
|
||||||
flags.BoolVar(&o.Force, "force", o.Force, "forces the download and will overwrite file if it exists already")
|
flags.BoolVar(&o.Force, "force", o.Force, "forces the download and will overwrite file if it exists already")
|
||||||
flags.DurationVar(&o.Timeout, "timeout", o.Timeout, "maximum time to wait to process download request")
|
flags.DurationVar(&o.Timeout, "timeout", o.Timeout, "maximum time to wait to process download request")
|
||||||
flags.BoolVar(&o.InsecureSkipTLSVerify, "insecure-skip-tls-verify", o.InsecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *DownloadOptions) Validate(c *cobra.Command, args []string, f client.Factory) error {
|
func (o *DownloadOptions) Validate(c *cobra.Command, args []string, f client.Factory) error {
|
||||||
|
@ -113,7 +111,7 @@ func (o *DownloadOptions) Run(c *cobra.Command, f client.Factory) error {
|
||||||
}
|
}
|
||||||
defer backupDest.Close()
|
defer backupDest.Close()
|
||||||
|
|
||||||
err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), o.Name, v1.DownloadTargetKindBackupContents, backupDest, o.Timeout, o.InsecureSkipTLSVerify)
|
err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), o.Name, v1.DownloadTargetKindBackupContents, backupDest, o.Timeout)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
os.Remove(o.Output)
|
os.Remove(o.Output)
|
||||||
cmd.CheckError(err)
|
cmd.CheckError(err)
|
||||||
|
|
|
@ -32,7 +32,6 @@ import (
|
||||||
|
|
||||||
func NewLogsCommand(f client.Factory) *cobra.Command {
|
func NewLogsCommand(f client.Factory) *cobra.Command {
|
||||||
timeout := time.Minute
|
timeout := time.Minute
|
||||||
insecureSkipTLSVerify := false
|
|
||||||
|
|
||||||
c := &cobra.Command{
|
c := &cobra.Command{
|
||||||
Use: "logs BACKUP",
|
Use: "logs BACKUP",
|
||||||
|
@ -59,13 +58,12 @@ func NewLogsCommand(f client.Factory) *cobra.Command {
|
||||||
"until the backup has a phase of Completed or Failed and try again.", backupName)
|
"until the backup has a phase of Completed or Failed and try again.", backupName)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), backupName, v1.DownloadTargetKindBackupLog, os.Stdout, timeout, insecureSkipTLSVerify)
|
err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), backupName, v1.DownloadTargetKindBackupLog, os.Stdout, timeout)
|
||||||
cmd.CheckError(err)
|
cmd.CheckError(err)
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Flags().DurationVar(&timeout, "timeout", timeout, "how long to wait to receive logs")
|
c.Flags().DurationVar(&timeout, "timeout", timeout, "how long to wait to receive logs")
|
||||||
c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")
|
|
||||||
|
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
|
||||||
var (
|
var (
|
||||||
listOptions metav1.ListOptions
|
listOptions metav1.ListOptions
|
||||||
details bool
|
details bool
|
||||||
insecureSkipTLSVerify bool
|
|
||||||
)
|
)
|
||||||
|
|
||||||
c := &cobra.Command{
|
c := &cobra.Command{
|
||||||
|
@ -65,7 +64,7 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
|
||||||
fmt.Fprintf(os.Stderr, "error getting PodVolumeRestores for restore %s: %v\n", restore.Name, err)
|
fmt.Fprintf(os.Stderr, "error getting PodVolumeRestores for restore %s: %v\n", restore.Name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
s := output.DescribeRestore(&restore, podvolumeRestoreList.Items, details, veleroClient, insecureSkipTLSVerify)
|
s := output.DescribeRestore(&restore, podvolumeRestoreList.Items, details, veleroClient)
|
||||||
if first {
|
if first {
|
||||||
first = false
|
first = false
|
||||||
fmt.Print(s)
|
fmt.Print(s)
|
||||||
|
@ -79,7 +78,6 @@ func NewDescribeCommand(f client.Factory, use string) *cobra.Command {
|
||||||
|
|
||||||
c.Flags().StringVarP(&listOptions.LabelSelector, "selector", "l", listOptions.LabelSelector, "only show items matching this label selector")
|
c.Flags().StringVarP(&listOptions.LabelSelector, "selector", "l", listOptions.LabelSelector, "only show items matching this label selector")
|
||||||
c.Flags().BoolVar(&details, "details", details, "display additional detail in the command output")
|
c.Flags().BoolVar(&details, "details", details, "display additional detail in the command output")
|
||||||
c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")
|
|
||||||
|
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,7 +32,6 @@ import (
|
||||||
|
|
||||||
func NewLogsCommand(f client.Factory) *cobra.Command {
|
func NewLogsCommand(f client.Factory) *cobra.Command {
|
||||||
timeout := time.Minute
|
timeout := time.Minute
|
||||||
insecureSkipTLSVerify := false
|
|
||||||
|
|
||||||
c := &cobra.Command{
|
c := &cobra.Command{
|
||||||
Use: "logs RESTORE",
|
Use: "logs RESTORE",
|
||||||
|
@ -59,13 +58,12 @@ func NewLogsCommand(f client.Factory) *cobra.Command {
|
||||||
"until the restore has a phase of Completed or Failed and try again.", restoreName)
|
"until the restore has a phase of Completed or Failed and try again.", restoreName)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), restoreName, v1.DownloadTargetKindRestoreLog, os.Stdout, timeout, insecureSkipTLSVerify)
|
err = downloadrequest.Stream(veleroClient.VeleroV1(), f.Namespace(), restoreName, v1.DownloadTargetKindRestoreLog, os.Stdout, timeout)
|
||||||
cmd.CheckError(err)
|
cmd.CheckError(err)
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Flags().DurationVar(&timeout, "timeout", timeout, "how long to wait to receive logs")
|
c.Flags().DurationVar(&timeout, "timeout", timeout, "how long to wait to receive logs")
|
||||||
c.Flags().BoolVar(&insecureSkipTLSVerify, "insecure-skip-tls-verify", insecureSkipTLSVerify, "do not verify the TLS certificate for storage requests only. This is susceptible to man-in-the-middle attacks.")
|
|
||||||
|
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,13 +18,10 @@ package downloadrequest
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"compress/gzip"
|
"compress/gzip"
|
||||||
"crypto/tls"
|
|
||||||
"crypto/x509"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
@ -39,7 +36,7 @@ import (
|
||||||
// not found
|
// not found
|
||||||
var ErrNotFound = errors.New("file not found")
|
var ErrNotFound = errors.New("file not found")
|
||||||
|
|
||||||
func Stream(client velerov1client.DownloadRequestsGetter, namespace, name string, kind v1.DownloadTargetKind, w io.Writer, timeout time.Duration, insecureSkipTLSVerify bool) error {
|
func Stream(client velerov1client.DownloadRequestsGetter, namespace, name string, kind v1.DownloadTargetKind, w io.Writer, timeout time.Duration) error {
|
||||||
req := &v1.DownloadRequest{
|
req := &v1.DownloadRequest{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Namespace: namespace,
|
Namespace: namespace,
|
||||||
|
@ -108,11 +105,6 @@ Loop:
|
||||||
}
|
}
|
||||||
|
|
||||||
httpClient := new(http.Client)
|
httpClient := new(http.Client)
|
||||||
if insecureSkipTLSVerify {
|
|
||||||
httpClient.Transport = &http.Transport{
|
|
||||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
httpReq, err := http.NewRequest("GET", req.Status.DownloadURL, nil)
|
httpReq, err := http.NewRequest("GET", req.Status.DownloadURL, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -126,11 +118,6 @@ Loop:
|
||||||
|
|
||||||
resp, err := httpClient.Do(httpReq)
|
resp, err := httpClient.Do(httpReq)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if urlErr, ok := err.(*url.Error); ok {
|
|
||||||
if _, ok := urlErr.Err.(x509.UnknownAuthorityError); ok {
|
|
||||||
return fmt.Errorf(err.Error() + "\n\nThe --insecure-skip-tls-verify flag can also be used to accept any TLS certificate for the download, but it is susceptible to man-in-the-middle attacks.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
|
@ -151,7 +151,7 @@ func TestStream(t *testing.T) {
|
||||||
output := new(bytes.Buffer)
|
output := new(bytes.Buffer)
|
||||||
errCh := make(chan error)
|
errCh := make(chan error)
|
||||||
go func() {
|
go func() {
|
||||||
err := Stream(client.VeleroV1(), "namespace", "name", test.kind, output, timeout, false)
|
err := Stream(client.VeleroV1(), "namespace", "name", test.kind, output, timeout)
|
||||||
errCh <- err
|
errCh <- err
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,6 @@ func DescribeBackup(
|
||||||
podVolumeBackups []velerov1api.PodVolumeBackup,
|
podVolumeBackups []velerov1api.PodVolumeBackup,
|
||||||
details bool,
|
details bool,
|
||||||
veleroClient clientset.Interface,
|
veleroClient clientset.Interface,
|
||||||
insecureSkipTLSVerify bool,
|
|
||||||
) string {
|
) string {
|
||||||
return Describe(func(d *Describer) {
|
return Describe(func(d *Describer) {
|
||||||
d.DescribeMetadata(backup.ObjectMeta)
|
d.DescribeMetadata(backup.ObjectMeta)
|
||||||
|
@ -75,7 +74,7 @@ func DescribeBackup(
|
||||||
DescribeBackupSpec(d, backup.Spec)
|
DescribeBackupSpec(d, backup.Spec)
|
||||||
|
|
||||||
d.Println()
|
d.Println()
|
||||||
DescribeBackupStatus(d, backup, details, veleroClient, insecureSkipTLSVerify)
|
DescribeBackupStatus(d, backup, details, veleroClient)
|
||||||
|
|
||||||
if len(deleteRequests) > 0 {
|
if len(deleteRequests) > 0 {
|
||||||
d.Println()
|
d.Println()
|
||||||
|
@ -212,7 +211,7 @@ func DescribeBackupSpec(d *Describer, spec velerov1api.BackupSpec) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// DescribeBackupStatus describes a backup status in human-readable format.
|
// DescribeBackupStatus describes a backup status in human-readable format.
|
||||||
func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool, veleroClient clientset.Interface, insecureSkipTLSVerify bool) {
|
func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool, veleroClient clientset.Interface) {
|
||||||
status := backup.Status
|
status := backup.Status
|
||||||
|
|
||||||
d.Printf("Backup Format Version:\t%d\n", status.Version)
|
d.Printf("Backup Format Version:\t%d\n", status.Version)
|
||||||
|
@ -235,7 +234,7 @@ func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool
|
||||||
d.Println()
|
d.Println()
|
||||||
|
|
||||||
if details {
|
if details {
|
||||||
describeBackupResourceList(d, backup, veleroClient, insecureSkipTLSVerify)
|
describeBackupResourceList(d, backup, veleroClient)
|
||||||
d.Println()
|
d.Println()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -246,7 +245,7 @@ func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool
|
||||||
}
|
}
|
||||||
|
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupVolumeSnapshots, buf, downloadRequestTimeout, insecureSkipTLSVerify); err != nil {
|
if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupVolumeSnapshots, buf, downloadRequestTimeout); err != nil {
|
||||||
d.Printf("Persistent Volumes:\t<error getting volume snapshot info: %v>\n", err)
|
d.Printf("Persistent Volumes:\t<error getting volume snapshot info: %v>\n", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -267,9 +266,9 @@ func DescribeBackupStatus(d *Describer, backup *velerov1api.Backup, details bool
|
||||||
d.Printf("Persistent Volumes: <none included>\n")
|
d.Printf("Persistent Volumes: <none included>\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
func describeBackupResourceList(d *Describer, backup *velerov1api.Backup, veleroClient clientset.Interface, insecureSkipTLSVerify bool) {
|
func describeBackupResourceList(d *Describer, backup *velerov1api.Backup, veleroClient clientset.Interface) {
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupResourceList, buf, downloadRequestTimeout, insecureSkipTLSVerify); err != nil {
|
if err := downloadrequest.Stream(veleroClient.VeleroV1(), backup.Namespace, backup.Name, velerov1api.DownloadTargetKindBackupResourceList, buf, downloadRequestTimeout); err != nil {
|
||||||
if err == downloadrequest.ErrNotFound {
|
if err == downloadrequest.ErrNotFound {
|
||||||
d.Println("Resource List:\t<backup resource list not found, this could be because this backup was taken prior to Velero 1.1.0>")
|
d.Println("Resource List:\t<backup resource list not found, this could be because this backup was taken prior to Velero 1.1.0>")
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -31,7 +31,7 @@ import (
|
||||||
pkgrestore "github.com/heptio/velero/pkg/restore"
|
pkgrestore "github.com/heptio/velero/pkg/restore"
|
||||||
)
|
)
|
||||||
|
|
||||||
func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestore, details bool, veleroClient clientset.Interface, insecureSkipTLSVerify bool) string {
|
func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestore, details bool, veleroClient clientset.Interface) string {
|
||||||
return Describe(func(d *Describer) {
|
return Describe(func(d *Describer) {
|
||||||
d.DescribeMetadata(restore.ObjectMeta)
|
d.DescribeMetadata(restore.ObjectMeta)
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestor
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
describeRestoreResults(d, restore, veleroClient, insecureSkipTLSVerify)
|
describeRestoreResults(d, restore, veleroClient)
|
||||||
|
|
||||||
d.Println()
|
d.Println()
|
||||||
d.Printf("Backup:\t%s\n", restore.Spec.BackupName)
|
d.Printf("Backup:\t%s\n", restore.Spec.BackupName)
|
||||||
|
@ -114,7 +114,7 @@ func DescribeRestore(restore *v1.Restore, podVolumeRestores []v1.PodVolumeRestor
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func describeRestoreResults(d *Describer, restore *v1.Restore, veleroClient clientset.Interface, insecureSkipTLSVerify bool) {
|
func describeRestoreResults(d *Describer, restore *v1.Restore, veleroClient clientset.Interface) {
|
||||||
if restore.Status.Warnings == 0 && restore.Status.Errors == 0 {
|
if restore.Status.Warnings == 0 && restore.Status.Errors == 0 {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -122,7 +122,7 @@ func describeRestoreResults(d *Describer, restore *v1.Restore, veleroClient clie
|
||||||
var buf bytes.Buffer
|
var buf bytes.Buffer
|
||||||
var resultMap map[string]pkgrestore.Result
|
var resultMap map[string]pkgrestore.Result
|
||||||
|
|
||||||
if err := downloadrequest.Stream(veleroClient.VeleroV1(), restore.Namespace, restore.Name, v1.DownloadTargetKindRestoreResults, &buf, downloadRequestTimeout, insecureSkipTLSVerify); err != nil {
|
if err := downloadrequest.Stream(veleroClient.VeleroV1(), restore.Namespace, restore.Name, v1.DownloadTargetKindRestoreResults, &buf, downloadRequestTimeout); err != nil {
|
||||||
d.Printf("Warnings:\t<error getting warnings: %v>\n\nErrors:\t<error getting errors: %v>\n", err, err)
|
d.Printf("Warnings:\t<error getting warnings: %v>\n\nErrors:\t<error getting errors: %v>\n", err, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,7 +53,6 @@ The configurable parameters are as follows:
|
||||||
| `kmsKeyId` | string | Empty | *Example*: "502b409c-4da1-419f-a16e-eif453b3i49f" or "alias/`<KMS-Key-Alias-Name>`"<br><br>Specify an [AWS KMS key][10] id or alias to enable encryption of the backups stored in S3. Only works with AWS S3 and may require explicitly granting key usage rights.|
|
| `kmsKeyId` | string | Empty | *Example*: "502b409c-4da1-419f-a16e-eif453b3i49f" or "alias/`<KMS-Key-Alias-Name>`"<br><br>Specify an [AWS KMS key][10] id or alias to enable encryption of the backups stored in S3. Only works with AWS S3 and may require explicitly granting key usage rights.|
|
||||||
| `signatureVersion` | string | `"4"` | Version of the signature algorithm used to create signed URLs that are used by velero cli to download backups or fetch logs. Possible versions are "1" and "4". Usually the default version 4 is correct, but some S3-compatible providers like Quobyte only support version 1.|
|
| `signatureVersion` | string | `"4"` | Version of the signature algorithm used to create signed URLs that are used by velero cli to download backups or fetch logs. Possible versions are "1" and "4". Usually the default version 4 is correct, but some S3-compatible providers like Quobyte only support version 1.|
|
||||||
| `profile` | string | "default" | AWS profile within the credential file to use for given store |
|
| `profile` | string | "default" | AWS profile within the credential file to use for given store |
|
||||||
| `insecureSkipTLSVerify` | bool | `false` | Set this to `true` if you do not want to verify the TLS certificate for storage requests only--like self-signed certs in Minio. This is susceptible to man-in-the-middle attacks and is not recommended for production. |
|
|
||||||
|
|
||||||
#### Azure
|
#### Azure
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue