Merge pull request #910 from james-powis/fix_restic_restore_service_user_token

Drop volumes matching name ServiceAccountName-token-
2018-10-09 11:32:23 -07:00 · 2018-10-09 11:32:23 -07:00 · d579784692
parent 7c3f4ddd74 30369c2ad5
commit d579784692
2 changed files with 72 additions and 0 deletions
--- a/pkg/restore/pod_action.go
+++ b/pkg/restore/pod_action.go
@ -112,5 +112,36 @@ func (a *podAction) Execute(obj runtime.Unstructured, restore *api.Restore) (run
 		return nil, nil, err
 	}

+	a.logger.Debug("iterating over init containers")
+	err = collections.ForEach(spec, "initContainers", func(container map[string]interface{}) error {
+		var newVolumeMounts []interface{}
+		err := collections.ForEach(container, "volumeMounts", func(volumeMount map[string]interface{}) error {
+			name, err := collections.GetString(volumeMount, "name")
+			if err != nil {
+				return err
+			}
+
+			a.logger.WithField("volumeMount", name).Debug("Checking volumeMount")
+			if strings.HasPrefix(name, serviceAccountName+"-token-") {
+				a.logger.WithField("volumeMount", name).Debug("Excluding volumeMount")
+			} else {
+				a.logger.WithField("volumeMount", name).Debug("Preserving volumeMount")
+				newVolumeMounts = append(newVolumeMounts, volumeMount)
+			}
+
+			return nil
+		})
+		if err != nil {
+			return err
+		}
+
+		container["volumeMounts"] = newVolumeMounts
+
+		return nil
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
 	return obj, nil, nil
 }
--- a/pkg/restore/pod_action_test.go
+++ b/pkg/restore/pod_action_test.go
@ -43,18 +43,21 @@ func TestPodActionExecute(t *testing.T) {
 				WithSpec("serviceAccountName", "foo").
 				WithSpecField("volumes", []interface{}{}).
 				WithSpecField("containers", []interface{}{}).
+				WithSpecField("initContainers", []interface{}{}).
 				Unstructured,
 			expectedErr: false,
 			expectedRes: NewTestUnstructured().WithName("pod-1").WithSpec("foo").
 				WithSpec("serviceAccountName", "foo").
 				WithSpecField("volumes", []interface{}{}).
 				WithSpecField("containers", []interface{}{}).
+				WithSpecField("initContainers", []interface{}{}).
 				Unstructured,
 		},
 		{
 			name: "volumes matching prefix ServiceAccount-token- should be deleted",
 			obj: NewTestUnstructured().WithName("pod-1").
 				WithSpec("serviceAccountName", "foo").
+				WithSpecField("initContainers", []interface{}{}).
 				WithSpecField("volumes", []interface{}{
 					map[string]interface{}{"name": "foo"},
 					map[string]interface{}{"name": "foo-token-foo"},
@ -62,6 +65,7 @@ func TestPodActionExecute(t *testing.T) {
 			expectedErr: false,
 			expectedRes: NewTestUnstructured().WithName("pod-1").
 				WithSpec("serviceAccountName", "foo").
+				WithSpecField("initContainers", []interface{}{}).
 				WithSpecField("volumes", []interface{}{
 					map[string]interface{}{"name": "foo"},
 				}).WithSpecField("containers", []interface{}{}).Unstructured,
@ -71,6 +75,7 @@ func TestPodActionExecute(t *testing.T) {
 			obj: NewTestUnstructured().WithName("svc-1").
 				WithSpec("serviceAccountName", "foo").
 				WithSpecField("volumes", []interface{}{}).
+				WithSpecField("initContainers", []interface{}{}).
 				WithSpecField("containers", []interface{}{
 					map[string]interface{}{
 						"volumeMounts": []interface{}{
@ -88,6 +93,7 @@ func TestPodActionExecute(t *testing.T) {
 			expectedRes: NewTestUnstructured().WithName("svc-1").
 				WithSpec("serviceAccountName", "foo").
 				WithSpecField("volumes", []interface{}{}).
+				WithSpecField("initContainers", []interface{}{}).
 				WithSpecField("containers", []interface{}{
 					map[string]interface{}{
 						"volumeMounts": []interface{}{
@ -99,6 +105,41 @@ func TestPodActionExecute(t *testing.T) {
 				}).
 				Unstructured,
 		},
+		{
+			name: "initContainer volumeMounts matching prefix ServiceAccount-token- should be deleted",
+			obj: NewTestUnstructured().WithName("svc-1").
+				WithSpec("serviceAccountName", "foo").
+				WithSpecField("volumes", []interface{}{}).
+				WithSpecField("containers", []interface{}{}).
+				WithSpecField("initContainers", []interface{}{
+					map[string]interface{}{
+						"volumeMounts": []interface{}{
+							map[string]interface{}{
+								"name": "foo",
+							},
+							map[string]interface{}{
+								"name": "foo-token-foo",
+							},
+						},
+					},
+				}).
+				Unstructured,
+			expectedErr: false,
+			expectedRes: NewTestUnstructured().WithName("svc-1").
+				WithSpec("serviceAccountName", "foo").
+				WithSpecField("volumes", []interface{}{}).
+				WithSpecField("containers", []interface{}{}).
+				WithSpecField("initContainers", []interface{}{
+					map[string]interface{}{
+						"volumeMounts": []interface{}{
+							map[string]interface{}{
+								"name": "foo",
+							},
+						},
+					},
+				}).
+				Unstructured,
+		},
 	}

 	for _, test := range tests {