vmware-tanzu
/
velero
mirror of https://github.com/vmware-tanzu/velero.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #910 from james-powis/fix_restic_restore_service_user_token 

Drop volumes matching name ServiceAccountName-token-
pull/918/head
KubeKween 2018-10-09 11:32:23 -07:00 committed by GitHub
parent 7c3f4ddd74 30369c2ad5
commit d579784692
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
pkg/restore/pod_action.go
View File

@ -112,5 +112,36 @@ func (a *podAction) Execute(obj runtime.Unstructured, restore *api.Restore) (run
return nil, nil, err return nil, nil, err
} }
a.logger.Debug("iterating over init containers")
err = collections.ForEach(spec, "initContainers", func(container map[string]interface{}) error {
var newVolumeMounts []interface{}
err := collections.ForEach(container, "volumeMounts", func(volumeMount map[string]interface{}) error {
name, err := collections.GetString(volumeMount, "name")
if err != nil {
return err
}
a.logger.WithField("volumeMount", name).Debug("Checking volumeMount")
if strings.HasPrefix(name, serviceAccountName+"-token-") {
a.logger.WithField("volumeMount", name).Debug("Excluding volumeMount")
} else {
a.logger.WithField("volumeMount", name).Debug("Preserving volumeMount")
newVolumeMounts = append(newVolumeMounts, volumeMount)
}
return nil
})
if err != nil {
return err
}
container["volumeMounts"] = newVolumeMounts
return nil
})
if err != nil {
return nil, nil, err
}
return obj, nil, nil return obj, nil, nil
} }

41
pkg/restore/pod_action_test.go
View File

@ -43,18 +43,21 @@ func TestPodActionExecute(t *testing.T) {
WithSpec("serviceAccountName", "foo"). WithSpec("serviceAccountName", "foo").
WithSpecField("volumes", []interface{}{}). WithSpecField("volumes", []interface{}{}).
WithSpecField("containers", []interface{}{}). WithSpecField("containers", []interface{}{}).
WithSpecField("initContainers", []interface{}{}).
Unstructured, Unstructured,
expectedErr: false, expectedErr: false,
expectedRes: NewTestUnstructured().WithName("pod-1").WithSpec("foo"). expectedRes: NewTestUnstructured().WithName("pod-1").WithSpec("foo").
WithSpec("serviceAccountName", "foo"). WithSpec("serviceAccountName", "foo").
WithSpecField("volumes", []interface{}{}). WithSpecField("volumes", []interface{}{}).
WithSpecField("containers", []interface{}{}). WithSpecField("containers", []interface{}{}).
WithSpecField("initContainers", []interface{}{}).
Unstructured, Unstructured,
}, },
{ {
name: "volumes matching prefix ServiceAccount-token- should be deleted", name: "volumes matching prefix ServiceAccount-token- should be deleted",
obj: NewTestUnstructured().WithName("pod-1"). obj: NewTestUnstructured().WithName("pod-1").
WithSpec("serviceAccountName", "foo"). WithSpec("serviceAccountName", "foo").
WithSpecField("initContainers", []interface{}{}).
WithSpecField("volumes", []interface{}{ WithSpecField("volumes", []interface{}{
map[string]interface{}{"name": "foo"}, map[string]interface{}{"name": "foo"},
map[string]interface{}{"name": "foo-token-foo"}, map[string]interface{}{"name": "foo-token-foo"},
@ -62,6 +65,7 @@ func TestPodActionExecute(t *testing.T) {
expectedErr: false, expectedErr: false,
expectedRes: NewTestUnstructured().WithName("pod-1"). expectedRes: NewTestUnstructured().WithName("pod-1").
WithSpec("serviceAccountName", "foo"). WithSpec("serviceAccountName", "foo").
WithSpecField("initContainers", []interface{}{}).
WithSpecField("volumes", []interface{}{ WithSpecField("volumes", []interface{}{
map[string]interface{}{"name": "foo"}, map[string]interface{}{"name": "foo"},
}).WithSpecField("containers", []interface{}{}).Unstructured, }).WithSpecField("containers", []interface{}{}).Unstructured,
@ -71,6 +75,7 @@ func TestPodActionExecute(t *testing.T) {
obj: NewTestUnstructured().WithName("svc-1"). obj: NewTestUnstructured().WithName("svc-1").
WithSpec("serviceAccountName", "foo"). WithSpec("serviceAccountName", "foo").
WithSpecField("volumes", []interface{}{}). WithSpecField("volumes", []interface{}{}).
WithSpecField("initContainers", []interface{}{}).
WithSpecField("containers", []interface{}{ WithSpecField("containers", []interface{}{
map[string]interface{}{ map[string]interface{}{
"volumeMounts": []interface{}{ "volumeMounts": []interface{}{
@ -88,6 +93,7 @@ func TestPodActionExecute(t *testing.T) {
expectedRes: NewTestUnstructured().WithName("svc-1"). expectedRes: NewTestUnstructured().WithName("svc-1").
WithSpec("serviceAccountName", "foo"). WithSpec("serviceAccountName", "foo").
WithSpecField("volumes", []interface{}{}). WithSpecField("volumes", []interface{}{}).
WithSpecField("initContainers", []interface{}{}).
WithSpecField("containers", []interface{}{ WithSpecField("containers", []interface{}{
map[string]interface{}{ map[string]interface{}{
"volumeMounts": []interface{}{ "volumeMounts": []interface{}{
@ -99,6 +105,41 @@ func TestPodActionExecute(t *testing.T) {
}). }).
Unstructured, Unstructured,
}, },
{
name: "initContainer volumeMounts matching prefix ServiceAccount-token- should be deleted",
obj: NewTestUnstructured().WithName("svc-1").
WithSpec("serviceAccountName", "foo").
WithSpecField("volumes", []interface{}{}).
WithSpecField("containers", []interface{}{}).
WithSpecField("initContainers", []interface{}{
map[string]interface{}{
"volumeMounts": []interface{}{
map[string]interface{}{
"name": "foo",
},
map[string]interface{}{
"name": "foo-token-foo",
},
},
},
}).
Unstructured,
expectedErr: false,
expectedRes: NewTestUnstructured().WithName("svc-1").
WithSpec("serviceAccountName", "foo").
WithSpecField("volumes", []interface{}{}).
WithSpecField("containers", []interface{}{}).
WithSpecField("initContainers", []interface{}{
map[string]interface{}{
"volumeMounts": []interface{}{
map[string]interface{}{
"name": "foo",
},
},
},
}).
Unstructured,
},
} }
for _, test := range tests { for _, test := range tests {